@ -3,6 +3,7 @@
set -euo pipefail
set -euo pipefail
function fn_gpg_extract_fpr(){
function fn_gpg_extract_fpr(){
# PURPOSE: get fingerprint from gpg keyfile
gpgkeyfile=$1;shift;
gpgkeyfile=$1;shift;
# fingerprint
# fingerprint
# caveat: restrict to netgo.de email, use-case:
# caveat: restrict to netgo.de email, use-case:
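Review bot: `gpgkeyfile=$1;shift;` right under the new PURPOSE comment assigns a global, not a function-local, so fn_gpg_extract_fpr and fn_gpg_extract_uid (which reuses the same name in the next hunk) clobber each other's state and leak it into the caller; `local gpgkeyfile=$1; shift` keeps it scoped and is the usual fix in a script running under `set -euo pipefail`. The PURPOSE line also omits the restriction the caveat two lines below states, so someone scanning function headers will assume the fingerprint of any key/uid comes back; `# PURPOSE: get fingerprint from gpg keyfile (only for a netgo.de uid, see caveat below)` says what is actually returned, assuming the filter the caveat describes is what the body implements. The function body continues past this hunk.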
@ -14,6 +15,7 @@ function fn_gpg_extract_fpr(){
}
}
function fn_gpg_extract_uid(){
function fn_gpg_extract_uid(){
# PURPOSE: get user-id from gpg keyfile
gpgkeyfile=$1;shift;
gpgkeyfile=$1;shift;
# user id
# user id
# caveat: restrict to netgo.de email, use-case:
# caveat: restrict to netgo.de email, use-case:
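Review bot: The new PURPOSE line says "get user-id" but the caveat below it says the result is restricted to a netgo.de email, and a key file can carry several uids; the header should state which one is returned, e.g. `# PURPOSE: get the netgo.de user-id from a gpg keyfile (see caveat; other uids are ignored)`, hedged to whatever the filter below actually matches. Since the uid is presumably what ends up labelling a recipient in the generated sops config, a reader needs to know it is a filtered, not complete, view of the key. As in fn_gpg_extract_fpr, `gpgkeyfile=$1;shift;` should be `local gpgkeyfile=$1; shift` so the two helpers do not share one global. The function body continues past this hunk.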
@ -25,6 +27,7 @@ function fn_gpg_extract_uid(){
}
}
function fn_sops_locate_config_in_git_repo(){
function fn_sops_locate_config_in_git_repo(){
# PURPOSE: locate sops config
# Returns path sops config to be updated; defaults to returning "$(git rev-parse --show-toplevel)/.sops.yaml"
# Returns path sops config to be updated; defaults to returning "$(git rev-parse --show-toplevel)/.sops.yaml"
# sops locates config by recursively walking _up_ the tree from the execeution dir context,
# sops locates config by recursively walking _up_ the tree from the execeution dir context,
# + _but_ does not have a mechanism to update the sops config
# + _but_ does not have a mechanism to update the sops config
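Review bot: The new PURPOSE comment, together with the "Returns path ... defaults to $(git rev-parse --show-toplevel)/.sops.yaml" line under it, leaves undocumented what happens when the script is run outside a git work tree: `git rev-parse --show-toplevel` fails there, and with `set -euo pipefail` at the top of the file that presumably aborts the whole script rather than returning an empty path, which is worth stating in the header since callers apparently substitute the result into a write. A one-line addition such as `# Aborts (set -e) when not inside a git work tree.` would make the contract explicit, assuming the body does not catch the failure. While touching this header, "execeution" in the next line should read "execution". The function body continues past this hunk.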
@ -54,6 +57,7 @@ function fn_sops_locate_config_in_git_repo(){
}
}
function fn_sops_generate_config(){
function fn_sops_generate_config(){
# PURPOSE: generate sops config based on keyfiles
# sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
# sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
# CAVEAT: dirty hacks, as DRY as feasible within bash
# CAVEAT: dirty hacks, as DRY as feasible within bash
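Review bot: The new PURPOSE line does not say what the keyfiles mean for security: per the linked sops.yaml doc, the pgp fingerprints written into the config are the recipient list, so every keyfile fed to this function yields a key that can decrypt everything later encrypted under that config. That makes the keyfile set the trust anchor of the whole scheme, and a stray or attacker-added keyfile silently becomes a recipient; the header should say so, e.g. `# SECURITY: every keyfile passed in becomes a decrypting recipient in .sops.yaml - review the keyfile set before running.` The "dirty hacks" caveat is fine as a code-quality note but does not convey this. The heredoc (closed by `EOM` per the next hunk's header) and the rest of the body lie outside this hunk, so the exact inputs are inferred.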
@ -102,7 +106,7 @@ EOM
}
}
fn_sops_updatekeys_and_verify(){
fn_sops_updatekeys_and_verify(){
# call 'sops updatekeys' and dump contents of file so end user can visually verify functionality
# PURPOSE: call 'sops updatekeys' and dump contents of file so end user can visually verify functionality
sops_enc_file="${1}";shift;
sops_enc_file="${1}";shift;
# update keys in secrets file
# update keys in secrets file
test -e "${sops_enc_file}" || exit 1
test -e "${sops_enc_file}" || exit 1
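Review bot: `test -e "${sops_enc_file}" || exit 1` at the end of this hunk terminates the whole shell from inside a function, without any message, so a caller that sources this file or loops over several secrets files is killed silently on the first missing path; `test -f "${sops_enc_file}" || { echo "fn_sops_updatekeys_and_verify: not a file: ${sops_enc_file}" >&2; return 1; }` reports the failure and lets the caller decide, and `-f` also rejects a directory, which `-e` accepts and would then hand to `sops updatekeys`. `sops_enc_file="${1}";shift;` should likewise be `local`. The updated PURPOSE comment says the file contents are dumped for visual verification; if that dump is of the decrypted content it would put plaintext secrets into terminal scrollback and CI logs, whereas showing only the `sops:` metadata section of the still-encrypted file is enough to confirm the new recipient keys - worth saying which it is, since the rest of the body is outside this hunk.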