| #!/bin/bash |
| ####################################################################################### |
| # Copyright ETSI Contributors and Others. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
| # implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| ####################################################################################### |
| |
| |
| # Helper function to encrypt secrets in-place in manifest file |
| function encrypt_secret_inplace() { |
| local FILE="$1" |
| local AGE_KEY_NAME=${AGE_KEY_NAME_MGMT:-"$2"} |
| |
| # Load the contents of both keys |
| local PUBLIC_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub") |
| # local PRIVATE_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key") |
| |
| sops \ |
| --age=${PUBLIC_KEY} \ |
| --encrypt \ |
| --encrypted-regex '^(data|stringData)$' \ |
| --in-place "${FILE}" |
| } |