You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.3 KiB
Bash
36 lines
1.3 KiB
Bash
#/usr/bin/env bash
|
|
# Purpose: manage .sops.yaml based on gpg keys in the same dir
|
|
set -euo pipefail
|
|
# sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
|
|
|
|
function fn_extract_fpr(){
|
|
gpgkeyfile=$1;shift;
|
|
# fingerprint
|
|
# caveat: restrict to netgo.de email, use-case:
|
|
# uid ... <...@mehrwerk.net>
|
|
# uid ... <...@netgo.de>
|
|
fpr="$(gpg --show-keys --list-options show-only-fpr-mbox "${gpgkeyfile}" | grep '@netgo.de' | awk "{print \$1}")"
|
|
echo "${fpr}"
|
|
}
|
|
|
|
function fn_extract_uid(){
|
|
gpgkeyfile=$1;shift;
|
|
# user id
|
|
# caveat: restrict to netgo.de email, use-case:
|
|
# uid ... <...@mehrwerk.net>
|
|
# uid ... <...@netgo.de>
|
|
uid="$(gpg --show-keys --with-colons "${gpgkeyfile}" | awk -F':' '$1=="uid" {print $10}' | grep '@netgo.de')"
|
|
echo "${uid}"
|
|
}
|
|
|
|
echo "# Fingerprint | User Type | User ID"
|
|
for gpgkeyfile in *automation*gpg.pub; do
|
|
u_type="autom"
|
|
echo "# $(fn_extract_fpr "${gpgkeyfile}") | ${u_type} | $(fn_extract_uid "${gpgkeyfile}")"
|
|
done
|
|
for gpgkeyfile in $(ls *gpg.pub | grep -v automation); do
|
|
u_type="human"
|
|
echo "# $(fn_extract_fpr "${gpgkeyfile}") | ${u_type} | $(fn_extract_uid "${gpgkeyfile}")"
|
|
done
|
|
echo "# keys in https://git.dev-at.de/smardigo-hetzner/communication-keys"
|