git-crypt-hook
Decrypts git-crypt
-encrypted sources as part of postUnpack
.
userSetupScript runs after unpacking, so you have to use preUnpack
to write the private key.
|
Example:
effects.mkEffect {
src = lib.cleanSource ./.;
inputs = [ effects.git-crypt-hook ];
preUnpack = ''
writeGPGKey git-crypt
'';
secretsMap.git-crypt = "default-gpg";
The src
attribute must include:
-
the
.git-crypt
at the root -
the
.gitattributes
files