main_tool.cue
package main
import (
"strings"
"tool/cli"
"tool/exec"
"tool/file"
)
// sops.marker is the substring the seal and unseal commands search for to
// decide whether a '.secrets.cue' file is already SOPS-encrypted.
// NOTE(review): presumably this matches the JSON wrapper SOPS writes for files
// it treats as binary - confirm against the SOPS version in use.
sops: {
	marker: "\"data\": \"ENC["
}
// seal encrypts in place, with SOPS, every '*.secrets.cue' file matched by the
// glob below that does not already contain sops.marker.
command: seal: {
	// Top-level directory of the enclosing Git work tree; the trailing newline
	// of git's output is trimmed before the path is used.
	gitRoot: exec.Run & {
		cmd:    ["git", "rev-parse", "--show-toplevel"]
		stdout: string
		path:   strings.TrimSpace(stdout)
	}

	// NOTE(review): tool/file.Glob appears to follow Go's filepath.Glob, where
	// '**' is not recursive. If so, this pattern only matches files exactly two
	// directories below the root, and a secrets file at any other depth is
	// silently left unencrypted. Newer CUE releases may reject '**' outright -
	// confirm against the CUE version in use.
	list: file.Glob & {
		glob: "\(gitRoot.path)/**/**/*.secrets.cue"
	}

	// One task group per matched file, keyed by its path.
	for secretFile in list.files {
		(secretFile): {
			secret: file.Read & {
				contents: string
				filename: secretFile
			}

			// Plain substring test: a plaintext file that merely contains the
			// marker text is treated as already sealed and is skipped, so it
			// stays unencrypted.
			if !strings.Contains(secret.contents, sops.marker) {
				print: cli.Print & {
					text: "seal \(secretFile)"
				}
				// The command is an argv list (no shell), so the path reaches
				// sops as a single argument.
				sops: exec.Run & {
					cmd: ["sops", "-e", "-i", secretFile]
					$after: print
				}
			}
		}
	}
}
// unseal decrypts in place, with SOPS, every '*.secrets.cue' file matched by
// the glob below that contains sops.marker.
//
// After this command runs, the matched files hold plaintext secrets in the
// working tree until they are sealed again. A pre-commit or CI check that
// rejects any '*.secrets.cue' file lacking the marker would catch an
// accidental plaintext commit.
command: unseal: {
	// Top-level directory of the enclosing Git work tree; the trailing newline
	// of git's output is trimmed before the path is used.
	gitRoot: exec.Run & {
		cmd:    ["git", "rev-parse", "--show-toplevel"]
		stdout: string
		path:   strings.TrimSpace(stdout)
	}

	// NOTE(review): tool/file.Glob appears to follow Go's filepath.Glob, where
	// '**' is not recursive. If so, this pattern only matches files exactly two
	// directories below the root. Newer CUE releases may reject '**' outright -
	// confirm against the CUE version in use.
	list: file.Glob & {
		glob: "\(gitRoot.path)/**/**/*.secrets.cue"
	}

	// One task group per matched file, keyed by its path.
	for secretFile in list.files {
		(secretFile): {
			secret: file.Read & {
				contents: string
				filename: secretFile
			}

			// Only files that contain the marker substring are handed to sops;
			// everything else is left untouched.
			if strings.Contains(secret.contents, sops.marker) {
				print: cli.Print & {
					text: "unseal \(secretFile)"
				}
				// The command is an argv list (no shell), so the path reaches
				// sops as a single argument.
				sops: exec.Run & {
					cmd: ["sops", "-d", "-i", secretFile]
					$after: print
				}
			}
		}
	}
}