secrets modules: pass secrets as bytes

pkgs/clan-cli/clan_cli/secrets/generate.py

@@ -74,7 +74,7 @@ def generate_secrets(machine: Machine) -> None:
                         msg = f"did not generate a file for '{secret}' when running the following command:\n"
                         msg += machine.secrets_data[service]["generator"]
                         raise ClanError(msg)
-                    secret_store.set(service, secret, secret_file.read_text())
+                    secret_store.set(service, secret, secret_file.read_bytes())
                 # store facts
                 for name, fact_path in machine.secrets_data[service]["facts"].items():
                     fact_file = facts_dir / name

pkgs/clan-cli/clan_cli/secrets/modules/password_store.py

@@ -10,13 +10,13 @@ class SecretStore:
     def __init__(self, machine: Machine) -> None:
         self.machine = machine
 
-    def set(self, service: str, name: str, value: str) -> None:
+    def set(self, service: str, name: str, value: bytes) -> None:
         subprocess.run(
             nix_shell(
                 ["nixpkgs#pass"],
                 ["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"],
             ),
-            input=value.encode("utf-8"),
+            input=value,
             check=True,
         )
 

pkgs/clan-cli/clan_cli/secrets/modules/sops.py

@@ -28,11 +28,11 @@ class SecretStore:
         )
         add_machine(self.machine.flake_dir, self.machine.name, pub_key, False)
 
-    def set(self, _service: str, name: str, value: str) -> None:
+    def set(self, _service: str, name: str, value: bytes) -> None:
         encrypt_secret(
             self.machine.flake_dir,
             sops_secrets_folder(self.machine.flake_dir) / f"{self.machine.name}-{name}",
-            value,
+            value.decode(),
             add_machines=[self.machine.name],
         )