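#!/usr/bin/env bash
set -euo pipefail

# PURPOSE: Allows a user to verify their local SOPS configuration using a
#          sample SOPS config and a SOPS-encrypted file.
# Usage:   1. Existing user: after adding a key, run this script to update the
#             SOPS config and the encrypted file.
#          2. New user: once an existing user has added your key, run this
#             script to confirm that your local configuration is correct.
# Requires: yq and sops on PATH, and ../bin/update_sops.sh relative to this
#           script's directory.

# Work from the script's own directory so the relative paths below resolve
# regardless of where the script is invoked from.
cd "$(dirname "${BASH_SOURCE[0]}")"

secrets_file="mock_secrets.yaml"

# Prerequisite: to verify the sops config, idempotently create a file holding a
# mock secret, src: https://bash-org-archive.com/?244321
# If generation or encryption fails, the partial file is removed. Otherwise an
# empty or still-plaintext file would satisfy the existence check on the next
# run and be handled as if it were already encrypted.
if [[ ! -e "${secrets_file}" ]]; then
  create_status=0
  {
    yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" \
      && sops -e -i "${secrets_file}"
  } || create_status=$?
  if (( create_status != 0 )); then
    rm -f -- "${secrets_file}"
    printf 'error: could not create encrypted %s; partial file removed\n' \
      "${secrets_file}" >&2
    exit "${create_status}"
  fi
fi

# Tracing starts only here, after the plaintext mock value has been written
# and encrypted.
set -x

# Within the current dir: update .sops.yaml, update keys in the encrypted file.
../bin/update_sops.sh -c "${PWD}" "${secrets_file}"

# Special case: add a caveat header to the generated config.
# The config is read into a variable first so that a missing or unreadable
# .sops.yaml aborts the script; a command substitution inside the here-doc
# would fail silently and leave a header-only file to be moved into place.
# NOTE(review): if update_sops.sh keeps existing comments, repeated runs would
# stack this header - confirm against that script.
sops_config="$(cat .sops.yaml)"
cat <<EOM > .sops.yaml.tmp
# PURPOSE: BLUEPRINT for .sops.yaml config
# CAVEAT: DO NOT USE THIS FILE AS-IS in another project; copy it and remove the unauthorised users
${sops_config}
EOM
mv .sops.yaml.tmp .sops.yaml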