Sops: generate key should always 'generate' a key pair when beeing called

Check if you want to generate a new key as a caller
2025-08-10 11:03:51 +02:00
parent f15fd1be52
commit 29f440a482
1 changed files with 10 additions and 7 deletions
--- a/pkgs/clan-cli/clan_cli/secrets/key.py
+++ b/pkgs/clan-cli/clan_cli/secrets/key.py
@@ -13,22 +13,25 @@ from .sops import (
    default_admin_private_key_path,
    generate_private_key,
    load_age_plugins,
-    maybe_get_admin_public_keys,
 )

 log = logging.getLogger(__name__)


 def generate_key() -> sops.SopsKey:
-    keys = maybe_get_admin_public_keys()
-    if keys is not None:
-        key = keys[0]
-        print(f"{key.key_type.name} key {key.pubkey} is already set", file=sys.stderr)
-        return key
+    """
+    Generate a new age key and return it as a SopsKey.
+
+    This function does not check if the key already exists.
+    It will generate a new key every time it is called.
+
+    Use 'check_key_exists' to check if a key already exists.
+    Before calling this function if you dont want to generate a new key.
+    """

    path = default_admin_private_key_path()
    _, pub_key = generate_private_key(out_file=path)
-    print(
+    log.warning(
        f"Generated age private key at '{path}' for your user.\nPlease back it up on a secure location or you will lose access to your secrets."
    )
    return sops.SopsKey(