new script to update all sops secrets in a directory

also, rename secrets scripts to be grouped
2022-06-20 15:57:13 -07:00 · 2022-06-20 15:57:13 -07:00 · 4d0509af5d
commit 4d0509af5d
parent c0dad51c6a
3 changed files with 7 additions and 0 deletions
--- a/pkgs/sane-scripts/src/bin/sane-secrets-dump
+++ b/pkgs/sane-scripts/src/bin/sane-secrets-dump
--- a/pkgs/sane-scripts/src/bin/sane-secrets-unlock
+++ b/pkgs/sane-scripts/src/bin/sane-secrets-unlock
--- a/pkgs/sane-scripts/src/bin/sane-secrets-update-keys
+++ b/pkgs/sane-scripts/src/bin/sane-secrets-update-keys
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# after modifying .sops.yaml, run this to re-encode all secrets to the new keys
+# pass the base directory (under which *everything* is a secret) as argument
+for i in $1/**/*
+do
+	yes | sops updatekeys "$i"
+done