2024-05-01 17:11:36 +02:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
# Edit a single attribute of a sops json file
|
|
|
|
|
# Helps working with multiline strings in json
|
|
|
|
|
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
|
|
|
|
SECRETS_FILE="$1"
|
|
|
|
|
KEY="$2"
|
|
|
|
|
|
|
|
|
|
if [[ -n $EDITOR ]]; then
|
|
|
|
|
EDITOR=vim
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
TMP_FILE="$(mktemp)"
|
|
|
|
|
|
|
|
|
|
clerie-sops --decrypt --extract "[\"${KEY}\"]" "${SECRETS_FILE}" > "${TMP_FILE}"
|
|
|
|
|
|
2024-05-02 12:28:22 +02:00
|
|
|
TMP_FILE_HASH_BEFORE="$(sha256sum "${TMP_FILE}")"
|
|
|
|
|
|
2024-05-01 17:11:36 +02:00
|
|
|
vim "${TMP_FILE}"
|
|
|
|
|
|
2024-05-02 12:28:22 +02:00
|
|
|
TMP_FILE_HASH_AFTER="$(sha256sum "${TMP_FILE}")"
|
|
|
|
|
|
|
|
|
|
# Don't write value back when it hasn't changed
|
|
|
|
|
if [[ "${TMP_FILE_HASH_BEFORE}" == "${TMP_FILE_HASH_AFTER}" ]]; then
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
2024-05-01 17:11:36 +02:00
|
|
|
JSON_QUOTED_SECRET="$(jq -Rs '.' "${TMP_FILE}")"
|
|
|
|
|
|
|
|
|
|
rm "${TMP_FILE}"
|
|
|
|
|
|
|
|
|
|
clerie-sops --set "[\"${KEY}\"] ${JSON_QUOTED_SECRET}" "${SECRETS_FILE}"
|
