Refactor secrets

1 files changed, 13 insertions, 0 deletions

diff --git a/sshtool b/sshtool
index 94a3ea0..b5de384 100755
--- a/sshtool
+++ b/sshtool
@@ -68,6 +68,19 @@ EOG
 EOF
 }
 
+function copy_secret {
+	local FROM=$1
+	local TO=$2
+	cat <<EOF
+echo '- write secret $TO from $FROM'
+base64 -d <<EOG | tee $TO > /dev/null
+$(base64 <$FROM)
+EOG
+chown root:root $TO
+chmod 0600 $TO
+EOF
+}
+
 for NIXHOST in $NIXHOSTLIST; do
 	NIXHOST=${NIXHOST%.*}