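#!/usr/bin/env bash
# PURPOSE: Allows User to verify their local SOPS configuration using a sample SOPS config and SOPS-encrypted file
# Usage: 1. Existing User: upon adding key, run this script to update the SOPS Config and encrypted file
#        2. New User: 'Existing User' has added key, run this script to confirm correct local configuration
#
# Requires on PATH: yq, sops. Also runs ../bin/update_sops.sh, resolved relative to this script.
# Strict mode makes the script stop at the first failing step, so the final
# message is only printed when every step succeeded.

set -ueo pipefail

# Work relative to this script so .sops.yaml, the mock file and ../bin resolve.
cd "$(dirname "${BASH_SOURCE[0]}")"

readonly secrets_file="mock_secrets.yaml"
readonly sops_config=".sops.yaml"
readonly header_marker='# PURPOSE: BLUEPRINT for .sops.yaml config'
readonly header_caveat='# CAVEAT: DO NOT USE THIS FILE AS-IS in another project; copy it and remove the unauthorised users'

# Path of the file currently being built; removed on every exit path so a
# failed step never leaves a half-written (or, worse, plaintext) file behind.
scratch=""

#######################################
# EXIT trap: remove the in-progress file, if any.
# Globals:   scratch (read)
#######################################
cleanup() {
  [[ -n "${scratch}" ]] && rm -f -- "${scratch}"
  return 0
}
trap cleanup EXIT

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Idempotently create the mock secrets file (src: https://bash-org-archive.com/?244321).
# The plaintext is written under its final name, presumably so that the
# .sops.yaml creation rules match on the path exactly as they did before.
# While it is still plaintext its path is held in `scratch`, so a failure of
# yq or sops removes it instead of leaving a plaintext file that the next run
# would mistake for the encrypted one and skip.
# Globals:   secrets_file (read), scratch (written)
# Returns:   0 if the file exists or was created, non-zero otherwise
#######################################
create_mock_secrets() {
  [[ -e "${secrets_file}" ]] && return 0
  scratch="${secrets_file}"
  yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" || return 1
  sops -e -i "${secrets_file}" || return 1
  # Now encrypted: safe to keep on failure of later steps.
  scratch=""
}

#######################################
# Prepend the blueprint/caveat header to .sops.yaml, once.
# Guarded by a marker check because feeding the existing file back into the
# header would otherwise prepend a second copy on every run.
# Globals:   sops_config, header_marker, header_caveat (read), scratch (written)
# Returns:   0 on success, non-zero on failure
#######################################
add_caveat_header() {
  [[ -f "${sops_config}" ]] || die "expected ${sops_config} to exist after update_sops.sh"
  if grep -qF -- "${header_marker}" "${sops_config}"; then
    return 0
  fi
  scratch="${sops_config}.tmp"
  {
    printf '%s\n' "${header_marker}" "${header_caveat}"
    cat -- "${sops_config}"
  } > "${scratch}" || return 1
  mv -- "${scratch}" "${sops_config}"
  scratch=""
}

for tool in yq sops; do
  command -v "${tool}" >/dev/null || die "required tool not found: ${tool}"
done
[[ -x ../bin/update_sops.sh ]] || die "missing or not executable: ../bin/update_sops.sh"

# Runs before set -x so the mock secret value is not echoed in the trace.
create_mock_secrets

set -x

# within current dir: update .sops.yaml, update keys in encrypted file
../bin/update_sops.sh -c "${PWD}" "${secrets_file}"

# verify: dump secrets. GPG_TTY lets gpg prompt on this terminal
# (src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/); an
# already-set GPG_TTY is respected and it is left empty when there is no
# terminal (e.g. CI) rather than set to tty's "not a tty" text.
GPG_TTY="${GPG_TTY:-$(tty 2>/dev/null || true)}" sops -d "${secrets_file}"

# Special Case: Add caveat header
add_caveat_header

# if reached this far, is success, due to bash strict mode. I.e. script would have failed by now.
printf '%s\n' "SUCCESS"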