Handle new env secretKey with sops

cmd/deploy/deploy.go

@@ -25,6 +25,8 @@ import (
 	"time"
 
 	tea "github.com/charmbracelet/bubbletea"
+	teaLog "github.com/charmbracelet/log"
+	"github.com/mightymoud/sidekick/render"
 	"github.com/mightymoud/sidekick/utils"
 	"github.com/pterm/pterm"
 	"github.com/spf13/cobra"
@@ -48,6 +50,12 @@ It assumes that your VPS is already configured and that your application is read
 			pterm.Error.Println(`Sidekick config not found in current directory Run sidekick launch`)
 			os.Exit(1)
 		}
+		if viper.GetString("secretKey") == "" {
+			render.GetLogger(teaLog.Options{Prefix: "Backward Compat"}).Error("Recent changes to how Sidekick handles secrets prevents you from launcing a new application.")
+			render.GetLogger(teaLog.Options{Prefix: "Backward Compat"}).Info("To fix this, run `Sidekick init` with the same server address you have now.")
+			render.GetLogger(teaLog.Options{Prefix: "Backward Compat"}).Info("Learn more at www.sidekickdeploy.com/docs/design/encryption")
+			os.Exit(1)
+		}
 
 		cmdStages := []stage{
 			makeStage("Validating connection with VPS", "VPS is reachable", false),
@@ -71,6 +79,7 @@ It assumes that your VPS is already configured and that your application is read
 		replacer := strings.NewReplacer(
 			"$service_name", appConfig.Name,
 			"$app_port", fmt.Sprint(appConfig.Port),
+			"$age_secret_key", viper.GetString("secretKey"),
 		)
 
 		go func() {

cmd/launch/launch.go

@@ -42,6 +42,13 @@ var LaunchCmd = &cobra.Command{
 			render.GetLogger(log.Options{Prefix: "Sidekick Config"}).Fatalf("%s", configErr)
 		}
 
+		if viper.GetString("secretKey") == "" {
+			render.GetLogger(log.Options{Prefix: "Backward Compat"}).Error("Recent changes to how Sidekick handles secrets prevents you from launcing a new application.")
+			render.GetLogger(log.Options{Prefix: "Backward Compat"}).Info("To fix this, run `Sidekick init` with the same server address you have now.")
+			render.GetLogger(log.Options{Prefix: "Backward Compat"}).Info("Learn more at www.sidekickdeploy.com/docs/design/encryption")
+			os.Exit(1)
+		}
+
 		if utils.FileExists("./sidekick.yml") {
 			render.GetLogger(log.Options{Prefix: "Sidekick Setup"}).Error("Sidekick config exits in this project.")
 			render.GetLogger(log.Options{Prefix: "Sidekick Setup"}).Info("You can deploy a new version of your application with Sidekick deploy.")
@@ -238,7 +245,7 @@ var LaunchCmd = &cobra.Command{
 					p.Send(errorMsg{ErrorStr: encryptSyncErrr.Error()})
 				}
 
-				runAppCmdOutChan, _, sessionErr1 := utils.RunCommand(sshClient, fmt.Sprintf(`cd %s && sops exec-env encrypted.env 'docker compose -p sidekick up -d'`, appName))
+				runAppCmdOutChan, _, sessionErr1 := utils.RunCommand(sshClient, fmt.Sprintf(`cd %s && export SOPS_AGE_KEY=%s && sops exec-env encrypted.env 'docker compose -p sidekick up -d'`, appName, viper.GetString("secretKey")))
 				go func() {
 					p.Send(logMsg{LogLine: <-runAppCmdOutChan + "\n"})
 					time.Sleep(time.Millisecond * 50)

cmd/preview/preview.go

@@ -23,7 +23,9 @@ import (
 	"strings"
 	"time"
 
+	teaLog "github.com/charmbracelet/log"
 	previewList "github.com/mightymoud/sidekick/cmd/preview/list"
+	"github.com/mightymoud/sidekick/render"
 	"github.com/mightymoud/sidekick/utils"
 	"github.com/pterm/pterm"
 	"github.com/spf13/cobra"
@@ -46,6 +48,13 @@ var PreviewCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
+		if viper.GetString("secretKey") == "" {
+			render.GetLogger(teaLog.Options{Prefix: "Backward Compat"}).Error("Recent changes to how Sidekick handles secrets prevents you from launcing a new application.")
+			render.GetLogger(teaLog.Options{Prefix: "Backward Compat"}).Info("To fix this, run `Sidekick init` with the same server address you have now.")
+			render.GetLogger(teaLog.Options{Prefix: "Backward Compat"}).Info("Learn more at www.sidekickdeploy.com/docs/design/encryption")
+			os.Exit(1)
+		}
+
 		gitTreeCheck := exec.Command("sh", "-s", "-")
 		gitTreeCheck.Stdin = strings.NewReader(utils.CheckGitTreeScript)
 		output, _ := gitTreeCheck.Output()
@@ -173,7 +182,7 @@ var PreviewCmd = &cobra.Command{
 			encryptSync := exec.Command("rsync", "encrypted.env", fmt.Sprintf("%s@%s:%s", "sidekick", viper.Get("serverAddress").(string), fmt.Sprintf("./%s/preview/%s", appConfig.Name, deployHash)))
 			encryptSync.Run()
 
-			_, _, sessionErr1 := utils.RunCommand(sshClient, fmt.Sprintf(`cd %s/preview/%s && sops exec-env encrypted.env 'docker compose -p sidekick up -d'`, appConfig.Name, deployHash))
+			_, _, sessionErr1 := utils.RunCommand(sshClient, fmt.Sprintf(`cd %s/preview/%s && export SOPS_AGE_KEY=%s && sops exec-env encrypted.env 'docker compose -p sidekick up -d'`, appConfig.Name, deployHash, viper.GetString("secretKey")))
 			if sessionErr1 != nil {
 				panic(sessionErr1)
 			}

utils/scripts.go

@@ -49,6 +49,7 @@ var EnvEncryptionScript = `
 	`
 
 var DeployAppWithEnvScript = `
+	export SOPS_AGE_KEY=$age_secret_key && \
 	cd $service_name && \
 	old_container_id=$(docker ps -f name=$service_name -q | tail -n1) && \
 	sops exec-env encrypted.env 'docker compose -p sidekick up -d --no-deps --scale $service_name=2 --no-recreate $service_name' && \