Louis Opter 7a673ea95f Draft: clan-cli: secrets: Add support for PGP keys with sops-nix
To use a PGP key instead of an age key you can set `SOPS_PGP_FP`. (You
can use `gpg -k --fingerprint --fingerprint` to get your PGP encryption
key fingerprint, remove spaces from it).

The internal manifest file already supported a type field, and so I built
from there.

With those changes, I was able to add my PGP key, and update all my
secrets with it, instead of the age key originally generated:

```
% clan secrets key show | jq
{
  "key": "ADB6276965590A096004F6D1E114CBAE8FA29165",
  "type": "pgp"
}
% clan secrets key update
% for s in $(clan secrets list) ; do clan secrets users add-secret kal-pgp-from-2022-12-to-2024-12 "$s"; done
% for s in $(clan secrets list) ; do clan secrets users remove-secret --debug kal "$s" ; done
```
2024-10-04 15:36:30 +00:00

clan-cli

The clan-cli contains the command line interface.

Hacking on the cli

We recommend setting up direnv to load the development environment with nix. If you do not have it set up, you can also use nix develop directly like this:

use flake .#clan-cli --builders ''

Afterwards, you can use the local bin wrapper to test things in the cli:

./bin/clan

Run locally single-threaded for debugging

By default, tests run in parallel using pytest-parallel. However, pytest-parallel breaks breakpoint(). To disable it, use this:

pytest -n0 -s

You can also run a single test like this:

pytest -n0 -s tests/test_secrets_cli.py::test_users

Run tests in nix container

Run all impure checks:

nix run .#impure-checks

Run all checks:

nix flake check