remove old script file
This commit is contained in:
parent
3439d73a9b
commit
2e495e5ab5
1 changed files with 0 additions and 68 deletions
68
age.sh
68
age.sh
|
@ -1,68 +0,0 @@
|
||||||
#! /usr/bin/env nix-shell
|
|
||||||
#! nix-shell -i bash -p age yq-go
|
|
||||||
set -euxo pipefail
|
|
||||||
|
|
||||||
RULES=example.yaml
|
|
||||||
|
|
||||||
function cleanup {
|
|
||||||
if [ ! -z ${CLEARTEXT_DIR+x} ]
|
|
||||||
then
|
|
||||||
rm -rf "$CLEARTEXT_DIR"
|
|
||||||
fi
|
|
||||||
if [ ! -z ${REENCRYPTED_DIR+x} ]
|
|
||||||
then
|
|
||||||
rm -rf "$REENCRYPTED_DIR"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
trap "cleanup" 0 2 3 15
|
|
||||||
|
|
||||||
function ageEdit {
|
|
||||||
FILE=$1
|
|
||||||
KEYS=$(yq r "$RULES" "secrets.(name==$FILE).public_keys.**")
|
|
||||||
if [ -z "$KEYS" ]
|
|
||||||
then
|
|
||||||
>&2 echo "There is no rule for $FILE in $RULES."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
CLEARTEXT_DIR=$(mktemp -d)
|
|
||||||
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename "$FILE")"
|
|
||||||
|
|
||||||
|
|
||||||
if [ -f "$FILE" ]
|
|
||||||
then
|
|
||||||
DECRYPT=(--decrypt)
|
|
||||||
while IFS= read -r key
|
|
||||||
do
|
|
||||||
DECRYPT+=(--identity "$key")
|
|
||||||
done <<<$(find ~/.ssh -maxdepth 1 -type f -not -name "*pub" -not -name "config" -not -name "authorized_keys" -not -name "known_hosts")
|
|
||||||
DECRYPT+=(-o "$CLEARTEXT_FILE" "$FILE")
|
|
||||||
age "${DECRYPT[@]}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
$EDITOR "$CLEARTEXT_FILE"
|
|
||||||
|
|
||||||
ENCRYPT=()
|
|
||||||
while IFS= read -r key
|
|
||||||
do
|
|
||||||
echo "$key"
|
|
||||||
ENCRYPT+=(--recipient "$key")
|
|
||||||
done <<< "$KEYS"
|
|
||||||
|
|
||||||
REENCRYPTED_DIR=$(mktemp -d)
|
|
||||||
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename "$FILE")"
|
|
||||||
|
|
||||||
ENCRYPT+=(-o "$REENCRYPTED_FILE")
|
|
||||||
|
|
||||||
cat "$CLEARTEXT_FILE" | age "${ENCRYPT[@]}"
|
|
||||||
|
|
||||||
mv -f "$REENCRYPTED_FILE" "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
function rekey {
|
|
||||||
FILES=$(yq r "$RULES" "secrets.*.name")
|
|
||||||
for FILE in $FILES
|
|
||||||
do
|
|
||||||
EDITOR=echo ageEdit $FILE
|
|
||||||
done
|
|
||||||
}
|
|
Loading…
Reference in a new issue