#!/usr/bin/env bash

set -o errexit
set -o nounset
set -o pipefail

find . -type f -name 'sops.yaml' | while IFS= read -r sops_file; do
  dir=$(dirname "$sops_file")

  namespace=$(grep -A1 "namespaces:" "$sops_file" | tail -n1 | awk '{print $2}' | tr -d '&')
  SOPS_AGE_KEY_FILE="./secrets/$namespace/key.txt"
  export SOPS_AGE_KEY_FILE

  find "$dir" -maxdepth 1 -type f -regextype posix-extended \
    -regex '.+\.(yaml|yml|json|env|ini|bin)' \
    ! -name 'sops.yaml' | while IFS= read -r file; do
      sops --config "$sops_file" updatekeys "$file" -y
    done

  unset SOPS_AGE_KEY_FILE
done