Verified Commit 511b6ca4 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

misc/vault-keyring-client.sh: add flock workaround

Otherwise running terraform under tf-stage2 will often fail with:

> ansible.errors.AnsibleError: Vault password client script
> ../misc/vault-keyring-client.sh did not find a secret for
> vault-id=default: b'gpg: decryption failed: No secret key\n'
parent fd411020
Pipeline #18529 passed with stage
in 32 seconds
#!/bin/sh
exec gpg --batch --decrypt --quiet "$(dirname $0)/vault-$2-password.gpg"
readonly vault_password_file_encrypted="$(dirname $0)/vault-$2-password.gpg"
# often getting "gpg: decryption failed: No secret key" in tf-stage2
# seems to work with flock (issue last reproduced with gnupg 2.2.35)
flock "$vault_password_file_encrypted" \
gpg --batch --decrypt --quiet "$vault_password_file_encrypted"
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment