#!/usr/bin/env bash
# unlocks the SOPS store (i.e. populate a SOPS key from the user's SSH key)
set -ex

mkdir -p ~/.config/sops/age

# unlock the SSH key
cp ~/.ssh/id_ed25519 ~/.config/sops/age/id_ed25519
ssh-keygen -p -N "" -f ~/.config/sops/age/id_ed25519
# convert ssh -> age
ssh-to-age -private-key -i ~/.config/sops/age/id_ed25519 > ~/.config/sops/age/keys.txt
chmod 600 ~/.config/sops/age/keys.txt

# remove the unlocked SSH key
rm ~/.config/sops/age/id_ed25519

# present the pubkey for convenience (e.g. if this sops key is new)
echo pubkey: $(cat ~/.ssh/id_ed25519.pub | ssh-to-age)