From 4d0509af5dea377d872176ac6a00aa4d9f9d9cd5 Mon Sep 17 00:00:00 2001
From: colin <colin@uninsane.org>
Date: Mon, 20 Jun 2022 15:57:13 -0700
Subject: [PATCH] new script to update all sops secrets in a directory

also, rename secrets scripts to be grouped
---
 .../src/bin/{sane-dump-secret => sane-secrets-dump}        | 0
 .../src/bin/{sane-unlock-secrets => sane-secrets-unlock}   | 0
 pkgs/sane-scripts/src/bin/sane-secrets-update-keys         | 7 +++++++
 3 files changed, 7 insertions(+)
 rename pkgs/sane-scripts/src/bin/{sane-dump-secret => sane-secrets-dump} (100%)
 rename pkgs/sane-scripts/src/bin/{sane-unlock-secrets => sane-secrets-unlock} (100%)
 create mode 100755 pkgs/sane-scripts/src/bin/sane-secrets-update-keys

diff --git a/pkgs/sane-scripts/src/bin/sane-dump-secret b/pkgs/sane-scripts/src/bin/sane-secrets-dump
similarity index 100%
rename from pkgs/sane-scripts/src/bin/sane-dump-secret
rename to pkgs/sane-scripts/src/bin/sane-secrets-dump
diff --git a/pkgs/sane-scripts/src/bin/sane-unlock-secrets b/pkgs/sane-scripts/src/bin/sane-secrets-unlock
similarity index 100%
rename from pkgs/sane-scripts/src/bin/sane-unlock-secrets
rename to pkgs/sane-scripts/src/bin/sane-secrets-unlock
diff --git a/pkgs/sane-scripts/src/bin/sane-secrets-update-keys b/pkgs/sane-scripts/src/bin/sane-secrets-update-keys
new file mode 100755
index 00000000..9179e33f
--- /dev/null
+++ b/pkgs/sane-scripts/src/bin/sane-secrets-update-keys
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# after modifying .sops.yaml, run this to re-encode all secrets to the new keys
+# pass the base directory (under which *everything* is a secret) as argument
+for i in $1/**/*
+do
+	yes | sops updatekeys "$i"
+done