pipe (generated) key to agenix
I just got agenix set up today. Yay!
I'd like to be able to generate machine keys without a lot of manual steps. It's a small, useful thing and I'd be happy to submit an impl if we can settle on a spec.
Rather than integrating a particular password gen how about adding support for taking the cleartext from stdin?
Either overload the existing -e mode:
cat /dev/urandom | head -c 128 | agenix -e mysecret.age
or add a new mode like -i
wdyt?
@edrex, this seems good and would also support the #9 use case. It doesn't seem like it needs a new flag, and it should be allowed even if you cannot decrypt mysecret.age, I think.
Note we may switch to this Rust implementation for the agenix CLI https://github.com/ryantm/agenix/issues/23 so cc @cole-h
been afk for a bit, will pick this up (and catch up on Rust CLI status) when I get back to personal infra+Nix work
FWIW, I've added support for reading initial contents from stdin in https://github.com/cole-h/agenix-cli/commit/124ddbd7b93fe02e59dec622f8085d41217c71b5.
cat /dev/urandom | head -c 128 | agenix [filename] -s will create [filename] with the data read from /dev/urandom.
Recently, ragenix also introduced support for reading from stdin for both non-existing and existing secret files. Instead of adding a new command line option, we decided to use EDITOR=- / --editor -:
cat /dev/urandom | head -c 128 | ragenix --editor "-" -e mysecret.age
FWIW, I'm using the following hackaround to make this possible with vanilla agenix:
some_cmd | EDITOR='cp /dev/stdin' agenix -e secret.age