zhaofengli/colmena

Don't try to access keys when applying with --no-keys

I'm trying to use a scheme for security where my secrets are stored in an encrypted S3 bucket. Then I can just mount them whenever I need to do a colmena apply, like this:

> rclone mount ci-secrets:/ci-secrets /home/tom/my-secrets
> colmena apply

This works great. However, sometimes I'd like to apply a simple change that doesn't involve the keys. So I tried without the mount using --no-keys, expecting it to work:

> colmena apply --no-keys
...
[ERROR]   stderr) error: opening file '/home/tom/my-secrets/some-secret': No such file or directory
...
[ERROR] Operation failed with error: Child process exited with error code: 1

Would it be possible for colmena to avoid trying to access the key paths in this case?

(Note: I use a quoted string for the path to the secrets to avoid them ending up in the Nix store, as the Colmena docs recommend.)