From a87cf3120b34f035c1a8f0e8e4065c3beb752680 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?=
Date: Tue, 22 Sep 2020 16:40:04 +0200
Subject: [PATCH] secrets handling

---
 do-plicity | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/do-plicity b/do-plicity
index 8a4c28c..af8b4cd 100755
--- a/do-plicity
+++ b/do-plicity
@@ -5,21 +5,40 @@
 #############

 # commands
-env_exe="$(command -v env)"
 ionice_exe="$(command -v ionice)"
 duplicity_exe="$(command -v duplicity)"

+# files
+duplicity_secrets_file='/root/duplicity_secrets'
+
+###############
+# ENVIRONMENT #
+###############
+
+# load secrets file
+if [ -f "${duplicity_secrets_file}" ]; then
+ # shellcheck disable=SC1090
+ . "${duplicity_secrets_file}"
+fi
+
 # check if uses encryption
 if [ -n "${GPG_KEY_ID}" ]; then
 # gpg key given
- env_changes="PASSPHRASE='${GPG_PASSPHRASE}'"
+ PASSPHRASE="${GPG_PASSPHRASE}"
+ export PASSPHRASE
 encrypt_opts="--encrypt-key='${GPG_KEY_ID}'"
 else
 # no key given
- env_changes=""
 encrypt_opts="--no-encryption"
 fi

+# check if uses AWS
+if [ -n "${AWS_ACCESS_KEY_ID}" ]; then
+ # export AWS credentials
+ export AWS_ACCESS_KEY_ID
+ export AWS_SECRET_ACCESS_KEY
+fi
+
 #############
 # FUNCTIONS #
 #############
@@ -46,14 +65,7 @@ print_command() {
 pc_task="${1}"
 shift 1

- # if environment should be changed, call with "env"
- if [ -n "${env_changes}" ]; then
- pc_cmdline="${env_exe} ${env_changes} "
- else
- pc_cmdline=""
- fi
-
- pc_cmdline="${pc_cmdline}${ionice_exe} -c 3 ${duplicity_exe} ${encrypt_opts}"
+ pc_cmdline="${ionice_exe} -c 3 ${duplicity_exe} ${encrypt_opts}"

 case "${pc_task}" in
 backup)
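Review bot: In the first hunk (`@@ -5,21 +5,40 @@`), the new `. "${duplicity_secrets_file}"` runs whatever is in `/root/duplicity_secrets` as shell code in this script's context. The only guard is `[ -f ... ]`, which follows symlinks and says nothing about who owns or can write the file. I would check owner and mode before sourcing, for example on a GNU system `[ "$(stat -c '%U:%a' "${duplicity_secrets_file}")" = 'root:600' ] || exit 1`, so a secrets file that is group- or world-accessible is refused rather than executed. Separately, `export PASSPHRASE` and the two AWS exports now reach every child process started for the rest of the script, not only duplicity. If other helpers run later (not visible in this hunk), consider an `unset` of those variables once the duplicity call has finished.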
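Review bot: In the second hunk (`@@ -46,14 +65,7 @@ print_command()`), the new `pc_cmdline=` line has no comment recording why the `env` prefix was dropped, which invites someone to put a secret back into the printed command later. I would add `# secrets are passed via the exported environment, so they never appear in the printed command line` above it. The string still interpolates `${encrypt_opts}`, which the first hunk sets with literal single quotes around `${GPG_KEY_ID}`. That quoting only behaves as intended if `pc_cmdline` is re-parsed by the shell later, so confirm how the string is executed. The body of `print_command` starts and ends outside this hunk.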