sops automation: fixes config dir specification

ADP-216_sops_automation
LeeW 10 months ago
parent 529aa89bb2
commit c5e931ef1f

@ -124,7 +124,7 @@ function main(){
# assume location of script as running directly from repo with keys (instead of as a standalone packaged tool)
keyfiles_dir="${repo_root}"
# assume location of secrets config file in pwd
sops_config_dir="${PWD}"
sops_config_dir=""
# path to group definitions
groups_def_dir="${repo_root}/groups"
# optional:
@ -168,9 +168,15 @@ function main(){
# VALIDATE INPUTS
keyfiles_dir="$(realpath "${keyfiles_dir}")"
test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
sops_config_dir="$(realpath "${sops_config_dir}")"
test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
sops_config="${sops_config_dir}/.sops.yaml"
sops_config=""
if [[ -n "${sops_cfg_dir:-}" ]]; then
sops_config_dir="$(realpath "${sops_config_dir}")"
test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
sops_config="${sops_config_dir}/.sops.yaml"
set -x
touch "${sops_config}"
fi
# locate appropriate sops config if default assumption not found
if [[ ! -e "${sops_config}" ]]; then
# dev note: '2> /dev/null' to disable debug output
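Review bot: The new guard `if [[ -n "${sops_cfg_dir:-}" ]]; then` tests `sops_cfg_dir`, while the variable initialised in the first hunk and used by every line inside the branch is `sops_config_dir`. Unless `sops_cfg_dir` is assigned somewhere outside these hunks, the branch never runs and a directory given with `-c` is silently dropped in favour of the fallback lookup below. That lookup could then select a different `.sops.yaml`, and with it different key rules, than the one the caller asked for, so the guard should probably read `if [[ -n "${sops_config_dir:-}" ]]; then`. The `set -x` inside the branch looks like leftover debugging and is never switched off, so every later command and its arguments are traced to stderr; remove it or close the branch with `set +x`. `main()` starts and ends outside both hunks, so option parsing and any `set -e` are not visible here.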

@ -13,7 +13,7 @@ test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${
set -x
# SAMPLE COMMANDS - manually uncomment to try out
# minimal operation: update .sops.yaml, update keys in encrypted file
../bin/update_sops.sh "${secrets_file}"
../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
# Full Args: specify path to each, also for secrets, mix specified and positional params
# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"
# TEST: induce error: invalid file
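Review bot: The comment `# minimal operation: update .sops.yaml, update keys in encrypted file` no longer matches the call beneath it, assuming the `-c "${PWD}"` form is the line this commit adds. Reword it to something like `# typical operation: explicit config dir via -c`. Keeping the bare `../bin/update_sops.sh "${secrets_file}"` as a commented sample would also leave the no-`-c` fallback path documented in the demo.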
