add sane script to convert ssh -> sops key
parent
b6de07a731
commit
c0dad51c6a
18
pkgs/sane-scripts/src/bin/sane-unlock-secrets
Executable file
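--- a/pkgs/sane-scripts/src/bin/sane-unlock-secrets
+++ b/pkgs/sane-scripts/src/bin/sane-unlock-secrets
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# unlocks the SOPS store (i.e. populate a SOPS key from the user's SSH key)
+set -ex
+
+mkdir -p ~/.config/sops/age
+
+# unlock the SSH key
+cp ~/.ssh/id_ed25519 ~/.config/sops/age/id_ed25519
+ssh-keygen -p -N "" -f ~/.config/sops/age/id_ed25519
+# convert ssh -> age
+ssh-to-age -private-key -i ~/.config/sops/age/id_ed25519 > ~/.config/sops/age/keys.txt
+chmod 600 ~/.config/sops/age/keys.txt
+
+# remove the unlocked SSH key
+rm ~/.config/sops/age/id_ed25519
+
+# present the pubkey for convenience (e.g. if this sops key is new)
+echo pubkey: $(cat ~/.ssh/id_ed25519.pub | ssh-to-age)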