#!/usr/bin/env -S nix shell nixpkgs#sops -c bash
# shellcheck shell=bash

set -o errexit
set -o nounset
set -o pipefail

if [[ -z "$SOPS_AGE_KEY_FILE" ]]; then
  echo "Please set the SOPS_AGE_KEY_FILE environment variable"
  exit 1
fi

find . -type f -name 'sops.yaml' | while IFS= read -r sops_file; do
  dir=$(dirname "$sops_file")
  echo "$dir"
  find "$dir" -maxdepth 1 -type f -regextype posix-extended \
    -regex '.+\.(yaml|yml|json|env|ini|bin)' \
    ! -name 'sops.yaml' | while IFS= read -r file; do
      echo "$file"
      sops --config "$sops_file" updatekeys "$file" -y
    done
done