echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
# Add OpenPGP passphrase into secret node config
-keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
-hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+# We cannot simple pipe keyringer output into hiera-eyaml otherwiser the newline after the password will be interpreted as part of the password
+#keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd | \
+#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/gpg/key.passwd`"
+echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
echo "" >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
# Add Borg passphrase into secret node config
-keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
-hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+#keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd | \
+#hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
+PASSWORD="`keyringer $HYDRA decrypt nodes/$NODE/borg/key.passwd`"
+echo -n "$PASSWORD" | hydra fluxo eyaml $NODE encrypt --stdin -o block -q -l nodo::subsystem::backup::borg::password >> $HYDRA_FOLDER/puppet/config/secrets/node/$NODE.yaml
# Ansible config
if [ -e "$HYDRA_FOLDER/ansible/inventories/production/hosts" ]; then
projects / hydra.git / commitdiff