karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e0602dd1a04019500dec588e5c466721f5ffbef4
nix/lib/scripts/update-keys.sh
Nikolaos Karaolidis 7737abc45e Unfuck secrets 
Don't worry why all the commit hashes suddenly changed, it's fine.

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-02-19 13:06:35 +00:00

23 lines
651 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env -S nix shell nixpkgs#sops -c bash
# shellcheck shell=bash
set -o errexit
set -o nounset
set -o pipefail
find . -type f -name 'sops.yaml' | while IFS= read -r sops_file; do
dir=$(dirname "$sops_file")
namespace=$(grep -A1 "namespaces:" "$sops_file" | tail -n1 | awk '{print $2}' | tr -d '&')
SOPS_AGE_KEY_FILE="./secrets/$namespace/key.txt"
export SOPS_AGE_KEY_FILE
find "$dir" -maxdepth 1 -type f -regextype posix-extended \
-regex '.+\.(yaml|yml|json|env|ini|bin)' \
! -name 'sops.yaml' | while IFS= read -r file; do
sops --config "$sops_file" updatekeys "$file" -y
done
unset SOPS_AGE_KEY_FILE
done
Reference in New Issue View Git Blame Copy Permalink