|
|
|
|
@ -2,11 +2,33 @@
|
|
|
|
|
# Purpose: manage .sops.yaml based on gpg keys in the same dir _and_ verify correct configuration
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
|
|
|
|
keyfiles_dir="$(realpath "${1?"E: specify dir containing keyfiles"}")"; shift;
|
|
|
|
|
sops_config_dir="$(realpath "${1?"E: specify dir containing .sops.yaml"}")"; shift;
|
|
|
|
|
sops_config="${sops_config_dir}/.sops.yaml"
|
|
|
|
|
# OPTIONS AND ARGPARSING
|
|
|
|
|
# assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
|
|
|
|
|
keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
|
|
|
|
|
# assume location of secrets config file in pwd
|
|
|
|
|
sops_config_dir="${PWD}"
|
|
|
|
|
|
|
|
|
|
while (( $# >= 1 ));do
|
|
|
|
|
cur="${1}";
|
|
|
|
|
case $cur in
|
|
|
|
|
-k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
|
|
|
|
|
-c|--config_dir) sops_config_dir="${2}"; shift ;;
|
|
|
|
|
esac
|
|
|
|
|
shift;
|
|
|
|
|
done
|
|
|
|
|
secrets_file="${1:-0}"
|
|
|
|
|
|
|
|
|
|
keyfiles_dir="$(realpath "${keyfiles_dir}")"
|
|
|
|
|
test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
|
|
|
|
|
sops_config_dir="$(realpath "${sops_config_dir}")"
|
|
|
|
|
test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
|
|
|
|
|
sops_config="${sops_config_dir}/.sops.yaml"
|
|
|
|
|
test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1)
|
|
|
|
|
if [[ "${secrets_file}" != "0" ]]; then
|
|
|
|
|
test -e "${secrets_file}" || (echo "E: could not locate .sops.yaml, tried ${secrets_file}" && exit 1)
|
|
|
|
|
fi
|
|
|
|
|
# /OPTIONS AND ARGPARSING
|
|
|
|
|
|
|
|
|
|
function fn_extract_fpr(){
|
|
|
|
|
gpgkeyfile=$1;shift;
|
|
|
|
|
# fingerprint
|
|
|
|
|
|
LeeW
11 months ago