#3 Init working encrypt-filter and testsecret.

TODO: Test decrypt-filter, write setup script

homelab/.sops/decrypt-filter.sh

@@ -1,15 +1,14 @@
 #!/bin/bash
-# Takes one file path as input
-# Outputs to a new file with `.enc` stripped from the end
-
-# if [ "$#" -ne 1 ]; then
-#     echo "Usage: $0 <file_path>"
-#     exit 1
-# fi
+# Takes file path from stdin
+# Outputs to stdout
 
+# Set age key file path
+# If no private key exists at the expected location,
+#   Create the key file at the expected location
 SOPS_AGE_KEY_FILE=$HOME/.age/key
 if [[ -f $SOPS_AGE_KEY_FILE ]]; then
     export SOPS_AGE_KEY_FILE=$HOME/.age/key
+    age-keygen -o $SOPS_AGE_KEY_FILE
 fi
 
 # Set age directory and default recipients

homelab/.sops/encrypt-filter.sh

@@ -1,17 +1,17 @@
 #!/bin/bash
-# Takes input on stdin
+# Takes file path from stdin
 # Outputs to stdout
 
 # Set age directory and default recipients
 AGE_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
 SOPS_AGE_RECIPIENTS="$(<$AGE_DIR/.age-author-pubkeys)"
+FILE_PATH=$(realpath $1)
 
-# Get host to which input file belongs
-FILE_PATH=$1
-HOST_AGE_PUBKEY="$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/' -f2)/.age-pubkey"
-
-if [[ -f $HOST_AGE_PUBKEY ]]; then
+# Check for host pubkey, add as recipient if present
+if [[ -f "$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/' -f2)/.age-pubkey" ]]; then
+    HOST_AGE_PUBKEY=$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/' -f2)/.age-pubkey
+    HOST_AGE_PUBKEY=$(realpath $HOST_AGE_PUBKEY)
     SOPS_AGE_RECIPIENTS="$SOPS_AGE_RECIPIENTS,$(<$HOST_AGE_PUBKEY)"
 fi
 
-sops --encrypt --age ${SOPS_AGE_RECIPIENTS} /dev/fd/3
+sops --encrypt --age ${SOPS_AGE_RECIPIENTS} $1

homelab/fighter/testsecret.env

@@ -0,0 +1,9 @@
+MYSECRET=ENC[AES256_GCM,data:fNAgaJQhUYK+bIKbFQHZ9dvhIBAlGgcAdLrBUJAdne1u46Kq7v6j983XJV9d+2sq,iv:mCuuf0smlkL3/K2oHv88qjsL6uwt5DTXXgVDmHajTcI=,tag:zjAkW6lfKVyOZ/I0ViHEyg==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvK1F1RFVjemtJdzVZdS96\nTVppM1BESE9JZHRsWTdPenlnbHA0TGZ6QVVJCldDNlRrYytUUVNCUUdXaU4rdytS\neURqWnJJUVJzUDJQZml1SDhzN0VjUkEKLS0tIHlGR2VLemJrUVRCdXNyOCtOM2dq\nMXJ1TzFSSGloMEQrQ2xoMEQzUlg4a2MKhD7eosNdYBnKwsT89fUdsi0k2aHuv/6a\nhfJBjed/Bu+PgVA6owlmEQwpetL4WG9BRRCzVL9Yg5d1P+nAs11rwA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4S3RsUlVHUlZ0UkpJQVJS\nMldaSlcxejJFVEdjbVJhb2NTOHBEUnkyL0NZClRmMVpxb1VGQWg5RFpPOC9HWDlK\nTGNRRDBVZjZiU0tPRzhEbWF2d0VDOVkKLS0tIFoxYTVLQ1R2L3F6ckp5dVFtdjdK\neHkzZGdpcUl0MllnempkM1ExeGtSUlkK8uCcH3a8c8EHh2vb08czG5k2WsXFAIGb\nbQrtjqAcdJJ2HG7WUMhQdtFpnxZHjfu+BLgLdogcIYHZH2J6mmMsJw==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855
+sops_lastmodified=2024-08-15T23:13:08Z
+sops_mac=ENC[AES256_GCM,data:93KiNX13U3O04oxPFsTsNzlSHnakBw2umncaVhLpq7FMBxrFpGFMQSYq29qW+kkMWW+ySY9JtCgNGthzoMQIThn0vWVIN7Ko633boqRo1Du0uZvBSqH0YgJmXRe3yfMvl2VgKWI2cnijyGv8RnJQEW9KDb3huzSI45ABdunXnqQ=,iv:iUIYk4b67U+r131gKuIQouFy6JdpQiNejFfx5LodcXg=,tag:nYyvV6kQ6dE8iBwVXLSxdQ==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.9.0