|
|
|
|
@ -57,6 +57,7 @@ function fn_sops_generate_config(){
|
|
|
|
|
# sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
|
|
|
|
|
# CAVEAT: dirty hacks, as DRY as feasible within bash
|
|
|
|
|
|
|
|
|
|
>&2 echo "# RUN: generate SOPS config"
|
|
|
|
|
# hack: 2D list workaround, i.e. difficult to have list-of-lists
|
|
|
|
|
fpr_list=()
|
|
|
|
|
uid_list=()
|
|
|
|
|
@ -107,6 +108,7 @@ fn_sops_updatekeys_and_verify(){
|
|
|
|
|
test -e "${sops_enc_file}" || exit 1
|
|
|
|
|
|
|
|
|
|
# "update the keys of SOPS files using the config file"
|
|
|
|
|
>&2 echo "# RUN: sops updatekeys ${sops_enc_file}"
|
|
|
|
|
sops updatekeys "${sops_enc_file}"
|
|
|
|
|
|
|
|
|
|
# verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
|
|
|
|
|
@ -212,7 +214,8 @@ function main(){
|
|
|
|
|
if [[ "${#secrets_file_list[@]}" != "0" ]]; then
|
|
|
|
|
# import keys
|
|
|
|
|
pushd "${keyfiles_dir}" > /dev/null 2>&1
|
|
|
|
|
gpg --import *.gpg.pub
|
|
|
|
|
>&2 echo "# RUN: gpg --import *.gpg.pub"
|
|
|
|
|
gpg_out="$(gpg --import *.gpg.pub 2>&1)"
|
|
|
|
|
popd > /dev/null 2>&1
|
|
|
|
|
# update
|
|
|
|
|
for secrets_file in "${secrets_file_list[@]}"; do
|
|
|
|
|
|
LeeW
10 months ago