From c02b8102377c8121e470a714a20d5990d89ed0c6 Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Thu, 15 Aug 2024 16:28:28 -0700
Subject: [PATCH] #3 Update encrypt and decrypt filter scripts

- Decrypt: use realpath of file to decrypt as FILE_PATH
- Decrypt: Switch from in-place to stdout
- Encrypt: Switch from operating on $1 to $FILE_PATH
---
 homelab/.sops/decrypt-filter.sh | 17 ++++++-----------
 homelab/.sops/encrypt-filter.sh | 2 +-
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/homelab/.sops/decrypt-filter.sh b/homelab/.sops/decrypt-filter.sh
index 240f8b52..e5d8229e 100755
--- a/homelab/.sops/decrypt-filter.sh
+++ b/homelab/.sops/decrypt-filter.sh
@@ -15,18 +15,13 @@ export SOPS_AGE_KEY_FILE=$HOME/.age/key
 # Set age directory and default recipients
 AGE_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
 SOPS_AGE_RECIPIENTS="$(<$AGE_DIR/.age-author-pubkeys)"
+FILE_PATH=$(realpath $1)
 
-# Get host to which input file belongs
-FILE_PATH=$1
-HOST_AGE_PUBKEY="$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/' -f2)/.age-pubkey"
-
-if [[ -f $HOST_AGE_PUBKEY ]]; then
+# Check for host pubkey, add as recipient if present
+if [[ -f "$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/' -f2)/.age-pubkey" ]]; then
+ HOST_AGE_PUBKEY=$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/' -f2)/.age-pubkey
+ HOST_AGE_PUBKEY=$(realpath $HOST_AGE_PUBKEY)
 SOPS_AGE_RECIPIENTS="$SOPS_AGE_RECIPIENTS,$(<$HOST_AGE_PUBKEY)"
 fi
 
-input_file=$1
-file_extension=${input_file##*.}
-file_name=${input_file%%.*}
-output_file="$file_name.enc.$file_extension"
-
-sops --decrypt --age ${SOPS_AGE_RECIPIENTS} -i $input_file
+sops --decrypt --age ${SOPS_AGE_RECIPIENTS} $FILE_PATH
diff --git a/homelab/.sops/encrypt-filter.sh b/homelab/.sops/encrypt-filter.sh
index d709d7da..b0451399 100755
--- a/homelab/.sops/encrypt-filter.sh
+++ b/homelab/.sops/encrypt-filter.sh
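Review bot: The added `FILE_PATH=$(realpath $1)` and the final `sops --decrypt --age ${SOPS_AGE_RECIPIENTS} $FILE_PATH` in decrypt-filter.sh expand their arguments unquoted, so a secret file whose path contains spaces or glob characters is split into several arguments, and an empty recipient list would let `--age` take the file path as its value. Quote them as `FILE_PATH=$(realpath -- "$1")` and `sops --decrypt --age "${SOPS_AGE_RECIPIENTS}" "$FILE_PATH"`; the same applies to the `sops --encrypt` line in the encrypt-filter.sh hunk and to the `realpath -m --relative-to=$AGE_DIR $FILE_PATH` calls inside the `[[ -f … ]]` test. The host-pubkey path is now computed twice with an identical pipeline; assigning it once before the test, as the removed code did, keeps the tested path and the path that is read from drifting apart. Whether the script runs under `set -e` is not visible in this hunk, so a failed `realpath` may leave `FILE_PATH` empty and is worth an explicit check before sops is called.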
@@ -14,4 +14,4 @@ if [[ -f "$AGE_DIR/../$(realpath -m --relative-to=$AGE_DIR $FILE_PATH | cut -d'/
 SOPS_AGE_RECIPIENTS="$SOPS_AGE_RECIPIENTS,$(<$HOST_AGE_PUBKEY)"
 fi
 
-sops --encrypt --age ${SOPS_AGE_RECIPIENTS} $1
\ No newline at end of file
+sops --encrypt --age ${SOPS_AGE_RECIPIENTS} $FILE_PATH
\ No newline at end of file