From 62b748624d0ec0a27bb8dcd1e52f95ea865cdd37 Mon Sep 17 00:00:00 2001
From: Johannes Kirschbauer
Date: Sun, 10 Aug 2025 11:36:45 +0200
Subject: [PATCH] Secrets: allow to generate additional keys with --new
---
 pkgs/clan-cli/clan_cli/secrets/key.py | 29 ++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/pkgs/clan-cli/clan_cli/secrets/key.py b/pkgs/clan-cli/clan_cli/secrets/key.py
index 5bb5db180..343f72941 100644
--- a/pkgs/clan-cli/clan_cli/secrets/key.py
+++ b/pkgs/clan-cli/clan_cli/secrets/key.py
@@ -40,13 +40,21 @@ def generate_key() -> sops.SopsKey:
 def generate_command(args: argparse.Namespace) -> None:
- key = generate_key()
- key_type = key.key_type.name.lower()
- print(f"Add your {key_type} public key to the repository with:", file=sys.stderr)
- print(
- f"clan secrets users add --{key_type}-key {key.pubkey}",
- file=sys.stderr,
- )
+ pub_keys = sops.maybe_get_admin_public_keys()
+
+ if not pub_keys or args.new:
+ key = generate_key()
+ pub_keys = [key]
+
+ for key in pub_keys:
+ key_type = key.key_type.name.lower()
+ print(
+ f"Add your {key_type} public key to the repository with:", file=sys.stderr
+ )
+ print(
+ f"clan secrets users add --{key_type}-key {key.pubkey}",
+ file=sys.stderr,
+ )
 def show_command(args: argparse.Namespace) -> None:
@@ -92,6 +100,13 @@ def register_key_parser(parser: argparse.ArgumentParser) -> None:
 "`clan secrets users add --help'"
 ),
 )
+ parser_generate.add_argument(
+ "new",
+ help=(
+ "Generate a new key, without checking if a key already exists. "
+ " This will not overwrite an existing key."
+ ),
+ )
 parser_generate.set_defaults(func=generate_command)
 parser_show = subparser.add_parser("show", help="show public key")
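Review bot: In `generate_command`, when `sops.maybe_get_admin_public_keys()` returns keys and `args.new` is falsy, the loop prints the same "Add your … public key to the repository with:" instructions for keys that already existed, and nothing tells the operator that no key was generated. Someone running `generate` to replace a key they no longer trust would be handed the old public key again without noticing. I would add an `else:` branch to the `if` that prints something like `print("Existing key(s) found, none generated; pass --new to create an additional key.", file=sys.stderr)`. The loop variable `key` also rebinds the freshly generated `key`; a separate name such as `pub_key` would make the two roles clearer.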
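Review bot: `parser_generate.add_argument("new", ...)` registers a required positional argument, not the `--new` flag named in the commit subject. As written, `generate` with no argument fails argparse's required-argument check, and any string supplied in that position makes `args.new` truthy, so the existing-key check in `generate_command` is never the default path. It should read `parser_generate.add_argument("--new", action="store_true", help=(...))` so that `args.new` defaults to `False`. The help text also gets a doubled space where `"… already exists. "` is joined with `" This will not …"`. The body of `register_key_parser` starts and ends outside this hunk.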