yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Sops: generate key should always 'generate' a key pair when beeing called

Browse Source 
Check if you want to generate a new key as a caller
This commit is contained in:
Johannes Kirschbauer
2025-08-10 11:03:51 +02:00
parent f15fd1be52
commit 29f440a482
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
pkgs/clan-cli/clan_cli/secrets/key.py
View File

@@ -13,22 +13,25 @@ from .sops import (
default_admin_private_key_path, default_admin_private_key_path,
generate_private_key, generate_private_key,
load_age_plugins, load_age_plugins,
maybe_get_admin_public_keys,
) )
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
def generate_key() -> sops.SopsKey: def generate_key() -> sops.SopsKey:
keys = maybe_get_admin_public_keys() """
if keys is not None: Generate a new age key and return it as a SopsKey.
key = keys[0]
print(f"{key.key_type.name} key {key.pubkey} is already set", file=sys.stderr) This function does not check if the key already exists.
return key It will generate a new key every time it is called.
Use 'check_key_exists' to check if a key already exists.
Before calling this function if you dont want to generate a new key.
"""
path = default_admin_private_key_path() path = default_admin_private_key_path()
_, pub_key = generate_private_key(out_file=path) _, pub_key = generate_private_key(out_file=path)
print( log.warning(
f"Generated age private key at '{path}' for your user.\nPlease back it up on a secure location or you will lose access to your secrets." f"Generated age private key at '{path}' for your user.\nPlease back it up on a secure location or you will lose access to your secrets."
) )
return sops.SopsKey( return sops.SopsKey(