From 179d1ed2c6ebc58368ea31e72e2af3dca27b2f79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 28 Nov 2023 13:31:18 +0100
Subject: [PATCH] add sops command to sync keys with secrets
---
 pkgs/clan-cli/clan_cli/secrets/key.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/key.py b/pkgs/clan-cli/clan_cli/secrets/key.py
index 0875d84b5..41c893a48 100644
--- a/pkgs/clan-cli/clan_cli/secrets/key.py
+++ b/pkgs/clan-cli/clan_cli/secrets/key.py
@@ -1,8 +1,16 @@
 import argparse
+from pathlib import Path
 from .. import tty
 from ..errors import ClanError
-from .sops import default_sops_key_path, generate_private_key, get_public_key
+from .folders import sops_secrets_folder
+from .secrets import collect_keys_for_path, list_secrets
+from .sops import (
+ default_sops_key_path,
+ generate_private_key,
+ get_public_key,
+ update_keys,
+)
 def generate_key() -> str:
@@ -34,6 +42,16 @@ def show_command(args: argparse.Namespace) -> None:
 print(show_key())
+def update_command(args: argparse.Namespace) -> None:
+ flake_dir = Path(args.flake)
+ for name in list_secrets(flake_dir):
+ secret_path = sops_secrets_folder(flake_dir) / name
+ update_keys(
+ secret_path,
+ list(sorted(collect_keys_for_path(secret_path))),
+ )
+
+
 def register_key_parser(parser: argparse.ArgumentParser) -> None:
 subparser = parser.add_subparsers(
 title="command",
@@ -47,3 +65,6 @@ def register_key_parser(parser: argparse.ArgumentParser) -> None:
 parser_show = subparser.add_parser("show", help="show age public key")
 parser_show.set_defaults(func=show_command)
+
+ parser_update = subparser.add_parser("update", help="re-encrypt all secrets with current keys (useful when changing keys)")
+ parser_update.set_defaults(func=update_command)
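Review bot: If `update_keys` raises for one secret, the loop in `update_command` stops there, leaving earlier secrets re-encrypted for the new recipients and later ones untouched, with nothing reported about which is which. For a command meant to be run after a key change that mixed state matters, so I would keep going, collect the failures and raise once at the end, naming every secret that still carries the old recipient set. The sketch below assumes `update_keys` signals failure with `ClanError`, which is not visible in this hunk and should be confirmed. It also adds a one-line docstring, hoists `sops_secrets_folder(flake_dir)` out of the loop and drops the redundant `list()` around `sorted()`.

```python
def update_command(args: argparse.Namespace) -> None:
    """Re-encrypt every secret in the flake for its currently collected keys."""
    flake_dir = Path(args.flake)
    secrets_dir = sops_secrets_folder(flake_dir)
    failed = []
    for name in list_secrets(flake_dir):
        secret_path = secrets_dir / name
        try:
            update_keys(secret_path, sorted(collect_keys_for_path(secret_path)))
        except ClanError as e:  # assumes update_keys reports failure this way
            failed.append(f"{name}: {e}")
    if failed:
        # Name every secret still encrypted for the old recipient set.
        raise ClanError("keys not updated for: " + "; ".join(failed))
```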
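Review bot: The help text for `update` says it is "useful when changing keys", which an operator could read as revoking a removed key's access. Re-encrypting for the current recipients does not do that for copies of the old ciphertext (for example earlier commits, if the flake is under version control), which a removed key can still decrypt. I would state that limit in the string, e.g. `help="re-encrypt all secrets for the current keys; after removing a key, also rotate the secret values"`. `register_key_parser` begins outside this hunk, and since `update_command` reads `args.flake` it is worth confirming that a `flake` argument is defined on a parent parser.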