Secrets: allow to generate additional keys with --new

2025-08-10 11:36:45 +02:00
parent 29f440a482
commit 62b748624d
1 changed files with 22 additions and 7 deletions
--- a/pkgs/clan-cli/clan_cli/secrets/key.py
+++ b/pkgs/clan-cli/clan_cli/secrets/key.py
@@ -40,13 +40,21 @@ def generate_key() -> sops.SopsKey:


 def generate_command(args: argparse.Namespace) -> None:
-    key = generate_key()
-    key_type = key.key_type.name.lower()
-    print(f"Add your {key_type} public key to the repository with:", file=sys.stderr)
-    print(
-        f"clan secrets users add <username> --{key_type}-key {key.pubkey}",
-        file=sys.stderr,
-    )
+    pub_keys = sops.maybe_get_admin_public_keys()
+
+    if not pub_keys or args.new:
+        key = generate_key()
+        pub_keys = [key]
+
+    for key in pub_keys:
+        key_type = key.key_type.name.lower()
+        print(
+            f"Add your {key_type} public key to the repository with:", file=sys.stderr
+        )
+        print(
+            f"clan secrets users add <username> --{key_type}-key {key.pubkey}",
+            file=sys.stderr,
+        )


 def show_command(args: argparse.Namespace) -> None:
@@ -92,6 +100,13 @@ def register_key_parser(parser: argparse.ArgumentParser) -> None:
            "`clan secrets users add --help'"
        ),
    )
+    parser_generate.add_argument(
+        "new",
+        help=(
+            "Generate a new key, without checking if a key already exists. "
+            " This will not overwrite an existing key."
+        ),
+    )
    parser_generate.set_defaults(func=generate_command)

    parser_show = subparser.add_parser("show", help="show public key")