676da8dca3
Separate "authors" keys and "deploy" keys. Add features to setup, encrypt, and decrypt scripts: - Validate input arguments - Set age keyfile and recipients dynamically at runtime
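#!/bin/bash
#
# Encrypt one file with sops + age.
#
# Usage:   <script> <file_path>
# Input:   exactly one file path.
# Output:  a new file next to the input named `<name>.enc.<ext>`
#          (`<name>.enc` when the input has no extension).
#
# Recipients are the author public keys stored beside this script, plus the
# public key of the host directory the input file belongs to, when one exists.

set -euo pipefail

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <file_path>" >&2
  exit 1
fi

FILE_PATH=$1
[[ -f "$FILE_PATH" ]] || die "Input file not found: $FILE_PATH"

# Set age directory and default recipients
AGE_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd) \
  || die "Cannot resolve the directory of ${BASH_SOURCE[0]}"

# Fail closed: without the author keys the recipient list would be empty or
# malformed, so stop here rather than hand sops a broken --age value.
# NOTE(review): the file is assumed to hold one comma-separated line of age
# public keys, which is the form --age takes; confirm against the setup script.
AUTHOR_PUBKEYS_FILE="$AGE_DIR/.age-author-pubkeys"
[[ -s "$AUTHOR_PUBKEYS_FILE" ]] \
  || die "Author public keys missing or empty: $AUTHOR_PUBKEYS_FILE"
SOPS_AGE_RECIPIENTS="$(<"$AUTHOR_PUBKEYS_FILE")"

# Get host to which input file belongs: the second component of the input
# path relative to AGE_DIR (e.g. `../<host>/secrets.yaml` -> `<host>`).
REL_PATH=$(realpath -m --relative-to="$AGE_DIR" -- "$FILE_PATH")
HOST_DIR=$(printf '%s\n' "$REL_PATH" | cut -d'/' -f2)

# The host component decides who else can decrypt the file. Refuse `.`/`..`
# so a path outside the expected layout cannot pull in an `.age-pubkey`
# from an unrelated parent directory as an extra recipient.
case "$HOST_DIR" in
  '' | . | ..) HOST_AGE_PUBKEY= ;;
  *) HOST_AGE_PUBKEY="$AGE_DIR/../$HOST_DIR/.age-pubkey" ;;
esac

if [[ -n "$HOST_AGE_PUBKEY" && -s "$HOST_AGE_PUBKEY" ]]; then
  SOPS_AGE_RECIPIENTS="$SOPS_AGE_RECIPIENTS,$(<"$HOST_AGE_PUBKEY")"
else
  # Make the reduced recipient set visible instead of silently omitting the host.
  printf 'Warning: no host public key found for %s; encrypting to author keys only\n' \
    "$FILE_PATH" >&2
fi

# Build the output name from the LAST dot of the file name only. Stripping
# from the first dot of the whole path breaks on `./host/file.yaml` and on
# dotted directory names, and maps `a.dev.yaml` and `a.prod.yaml` to the
# same output file.
FILE_BASE=${FILE_PATH##*/}
if [[ "$FILE_BASE" == *.* ]]; then
  FILE_EXT=${FILE_PATH##*.}
  FILE_NAME=${FILE_PATH%.*}
  OUTPUT_FILE="$FILE_NAME.enc.$FILE_EXT"
else
  OUTPUT_FILE="$FILE_PATH.enc"
fi

# Encrypt into a temporary file and rename only on success, so a failed sops
# run never leaves an empty or truncated `.enc` file in place of a good one.
TMP_OUTPUT=$(mktemp -- "$OUTPUT_FILE.XXXXXX") \
  || die "Cannot create a temporary file next to $OUTPUT_FILE"
trap 'rm -f -- "$TMP_OUTPUT"' EXIT

sops --encrypt --age "$SOPS_AGE_RECIPIENTS" "$FILE_PATH" > "$TMP_OUTPUT"
mv -- "$TMP_OUTPUT" "$OUTPUT_FILE"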