From be37194b9a6d54aaf84801b6b9d60c71c9a01c50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Tue, 8 Apr 2025 17:44:12 +0200
Subject: [PATCH] sops: fix compatibility with new format

The new format can have null values now.
---
 pkgs/clan-cli/clan_cli/secrets/sops.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/pkgs/clan-cli/clan_cli/secrets/sops.py b/pkgs/clan-cli/clan_cli/secrets/sops.py
index 3f533962c..25f6298d7 100644
--- a/pkgs/clan-cli/clan_cli/secrets/sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/sops.py
@@ -449,15 +449,20 @@ def decrypt_file(secret_path: Path) -> str:
 
 def get_recipients(secret_path: Path) -> set[SopsKey]:
     sops_attrs = json.loads((secret_path / "secret").read_text())["sops"]
-    return {
-        SopsKey(
-            pubkey=recipient[key_type.sops_recipient_attr],
-            username="",
-            key_type=key_type,
-        )
-        for key_type in KeyType
-        for recipient in sops_attrs[key_type.name.lower()] or []
-    }
+    keys = set()
+    for key_type in KeyType:
+        recipients = sops_attrs.get(key_type.name.lower())
+        if not recipients:
+            continue
+        for recipient in recipients:
+            keys.add(
+                SopsKey(
+                    pubkey=recipient[key_type.sops_recipient_attr],
+                    username="",
+                    key_type=key_type,
+                )
+            )
+    return keys
 
 
 def get_meta(secret_path: Path) -> dict: