refactor: args, secrets files

ADP-179_sops_manage_keys
LeeW 11 months ago
parent 002982c4ac
commit d8bc39c9d8

@ -7,16 +7,18 @@ set -euo pipefail
keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)" keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
# assume location of secrets config file in pwd # assume location of secrets config file in pwd
sops_config_dir="${PWD}" sops_config_dir="${PWD}"
# optional: secrets files to be updated
secrets_file_list=()
while (( $# >= 1 ));do while (( $# >= 1 ));do
cur="${1}"; cur="${1}";
case $cur in case $cur in
-k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;; -k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
-c|--config_dir) sops_config_dir="${2}"; shift ;; -c|--config_dir) sops_config_dir="${2}"; shift ;;
*) secrets_file_list+=( "${cur}" )
esac esac
shift; shift;
done done
secrets_file="${1:-0}"
keyfiles_dir="$(realpath "${keyfiles_dir}")" keyfiles_dir="$(realpath "${keyfiles_dir}")"
test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1) test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
@ -24,8 +26,10 @@ sops_config_dir="$(realpath "${sops_config_dir}")"
test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1) test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
sops_config="${sops_config_dir}/.sops.yaml" sops_config="${sops_config_dir}/.sops.yaml"
test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1) test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1)
if [[ "${secrets_file}" != "0" ]]; then if [[ "${#secrets_file_list[@]}" != "0" ]]; then
test -e "${secrets_file}" || (echo "E: could not locate .sops.yaml, tried ${secrets_file}" && exit 1) for secrets_file in "${secrets_file_list[@]}"; do
test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
done
fi fi
# /OPTIONS AND ARGPARSING # /OPTIONS AND ARGPARSING
@ -116,8 +120,10 @@ fn_sops_updatekeys_and_verify(){
# verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/ # verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
GPG_TTY=$(tty) sops -d "${sops_enc_file}" GPG_TTY=$(tty) sops -d "${sops_enc_file}"
} }
if [[ "${secrets_file}" != "0" ]]; then if [[ "${#secrets_file_list[@]}" != "0" ]]; then
for secrets_file in "${secrets_file_list[@]}"; do
fn_sops_updatekeys_and_verify "${secrets_file}" fn_sops_updatekeys_and_verify "${secrets_file}"
done
echo "# SUCESS: all users with keys in this dir should have functional keys" echo "# SUCESS: all users with keys in this dir should have functional keys"
else else
echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files" echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files"
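Review bot: The new existence check inside the `for` loop, `test -e "${secrets_file}" || (echo "..." && exit 1)`, aborts the script only because `set -e` treats the failing subshell as fatal; the `exit 1` itself leaves just the `( )` subshell, and the diagnostic is written to stdout rather than stderr. I would write it as `test -e "${secrets_file}" || { echo "E: could not locate file with secrets, tried: ${secrets_file}" >&2; exit 1; }` so the abort no longer depends on `set -e`; the unchanged keyfiles_dir, sops_config_dir and sops_config checks above use the same subshell form. Separately, the loop in the third hunk now calls `fn_sops_updatekeys_and_verify` for every listed file, and that function's verify step `GPG_TTY=$(tty) sops -d "${sops_enc_file}"` prints the full plaintext of each file to stdout, so every secret ends up in terminal scrollback or CI logs; if the goal is only to confirm the rewritten keys still decrypt, `GPG_TTY=$(tty) sops -d "${sops_enc_file}" >/dev/null` keeps the exit status and drops the dump (the function body begins outside this hunk). The `*)` arm also accepts any unrecognised `--option` as a secrets filename, which the later check then reports as a missing file rather than as a bad option.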

@ -12,3 +12,4 @@ test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${
set -x set -x
# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" "${secrets_file}" # ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" "${secrets_file}"
../bin/update_sops.sh "${secrets_file}" ../bin/update_sops.sh "${secrets_file}"
# test: uncomment, expect: error # ../bin/update_sops.sh "${secrets_file}" secrets.yaml
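Review bot: The added negative case on the last line is only a comment, so the expected-failure path (a second, non-existent `secrets.yaml` argument) is never exercised when this test runs. It could run for real as `if ../bin/update_sops.sh "${secrets_file}" secrets.yaml; then echo "E: expected failure on missing secrets.yaml" >&2; exit 1; fi`, which also behaves the same under `set -e` because the command is the `if` condition. The surrounding test script starts before this hunk, so I cannot see whether it enables `-e`.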
