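#!/bin/bash
#
# Decrypt a sops-encrypted file using age.
#
# Takes the file path as the first argument ($1).
# Outputs the decrypted content to stdout. Diagnostics go to stderr so they
# never end up mixed into plaintext that a caller captures or pipes onward.

if ! [[ -f "$1" ]]; then
  echo "\$1 is not a file" >&2
  echo "\$1: $1" >&2
  exit 1
fi

# Set age key file path.
# If no private key exists at the expected location, create the key file
# at the expected location.
# NOTE(review): a key generated here is brand new, so it can only decrypt
# files that are encrypted to its public key afterwards; age-keygen reports
# that public key on stderr when writing to a file.
SOPS_AGE_KEY_FILE="$HOME/.age/key"
if [[ ! -f "$SOPS_AGE_KEY_FILE" ]]; then
  # The directory holds a private key: create it owner-only, and create it
  # at all, since age-keygen does not make missing parent directories.
  if ! (umask 077 && mkdir -p -- "$(dirname -- "$SOPS_AGE_KEY_FILE")"); then
    echo "cannot create directory for $SOPS_AGE_KEY_FILE" >&2
    exit 1
  fi
  # Stop here on failure instead of handing sops a key file that is missing.
  if ! age-keygen -o "$SOPS_AGE_KEY_FILE"; then
    echo "age-keygen failed for $SOPS_AGE_KEY_FILE" >&2
    exit 1
  fi
fi
export SOPS_AGE_KEY_FILE

# Set age directory (the directory containing this script) and the default
# recipients read from .age-author-pubkeys next to it.
# NOTE(review): the value is passed to sops as one argument, so the file is
# presumably a single comma-separated line — confirm.
AGE_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
SOPS_AGE_RECIPIENTS="$(<"$AGE_DIR/.age-author-pubkeys")"
FILE_PATH=$(realpath -- "$1")

# Check for host pubkey, add as recipient if present.
# The host directory name is the second component of the file's path
# relative to AGE_DIR; the pubkey is looked up in AGE_DIR/../<host>/.
host_dir=$(realpath -m --relative-to="$AGE_DIR" -- "$FILE_PATH" | cut -d'/' -f2)
if [[ -f "$AGE_DIR/../$host_dir/.age-pubkey" ]]; then
  HOST_AGE_PUBKEY=$(realpath -- "$AGE_DIR/../$host_dir/.age-pubkey")
  SOPS_AGE_RECIPIENTS="$SOPS_AGE_RECIPIENTS,$(<"$HOST_AGE_PUBKEY")"
fi

# Plaintext is written to stdout; the script's exit status is that of sops.
# NOTE(review): --age names encryption recipients, while decryption relies on
# the private key in SOPS_AGE_KEY_FILE, so the flag likely has no effect
# here — confirm before removing it.
sops --decrypt --age "${SOPS_AGE_RECIPIENTS}" "$FILE_PATH"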