Jafner.net/.sops/sops-setup.sh
2024-08-23 00:12:20 -07:00


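# Resolve the directory that contains this script so the paths below do not
# depend on the caller's working directory.
SOPS_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
if [[ -z "$SOPS_DIR" ]]; then
  # An empty SOPS_DIR would turn the host config path into "/../$HOSTNAME/".
  echo "sops-setup: could not resolve the script directory" >&2
  # 'return' covers the sourced case, 'exit' the executed case.
  return 1 2> /dev/null || exit 1
fi

# Set up age keypair
if [[ -f "$HOME/.age/key" ]]; then
  # A key already exists: only check whether the shell profile exports its
  # location. A missing ~/.bashrc is treated the same as "not exported".
  if ! grep -q -- "export SOPS_AGE_KEY_FILE" "$HOME/.bashrc" 2> /dev/null; then
    echo "Add this line to your shell profile (e.g. ~/.bashrc or ~/.zshrc):"
    echo "export SOPS_AGE_KEY_FILE=$HOME/.age/key"
  else
    # The variable may be unset in the current shell even if the profile
    # exports it; print an empty value rather than failing under 'set -u'.
    echo "SOPS_AGE_KEY_FILE: ${SOPS_AGE_KEY_FILE:-}"
  fi
else
  # This directory holds the private identity, so keep it owner-only.
  mkdir -p -- "$HOME/.age"
  chmod 700 -- "$HOME/.age"
  HOST_CONFIG_DIR="$SOPS_DIR/../$HOSTNAME/"
  mkdir -p -- "$HOST_CONFIG_DIR"
  # With -o, age-keygen writes the identity to the file and reports the public
  # key on stderr, so redirecting its stdout leaves the pubkey file empty.
  # Generate the identity first, then derive the recipient from it with -y.
  if age-keygen -o "$HOME/.age/key" \
    && age-keygen -y "$HOME/.age/key" > "$HOST_CONFIG_DIR/.age-pubkey"; then
    echo "Pubkey added to $HOST_CONFIG_DIR/.age-pubkey"
    echo "If any secrets have already been committed for this host, re-encrypt them with the new pubkey as a recipient."
  else
    # Stop here: continuing would leave the setup without a usable keypair.
    echo "sops-setup: age key generation failed" >&2
    return 1 2> /dev/null || exit 1
  fi
fi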
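# Configure the git filters
# The filter command and its %f placeholder must be ONE argument. Passed as a
# separate word, "%f" is read by 'git config' as a value-pattern, so the stored
# command loses the placeholder and (as far as git's matching rules go) a
# re-run appends a duplicate entry instead of updating the existing one.
# --replace-all also collapses duplicates left behind by earlier runs.
# NOTE(review): git runs the filter through the shell, so a checkout path
# containing whitespace would still be split there; keep the repository under
# a path without spaces or shell-quote the script path.
git config --local --replace-all filter.sops.smudge "$SOPS_DIR/decrypt-filter.sh %f"
git config --local --replace-all filter.sops.clean "$SOPS_DIR/encrypt-filter.sh %f"
# required=true makes a failing filter an error instead of a silent
# pass-through of the unfiltered content.
git config --local filter.sops.required true
# Used by 'git diff' for paths assigned the 'sops' diff driver.
git config --local diff.sops.textconv "sops decrypt"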