| garciadeblas | 8d8cd99 | 2024-05-21 16:04:14 +0200 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | ####################################################################################### |
| 3 | # Copyright ETSI Contributors and Others. |
| 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
| 14 | # implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
| 17 | ####################################################################################### |
| 18 | |
| 19 | |
| 20 | # Helper function to encrypt secrets in-place in manifest file |
| 21 | function encrypt_secret_inplace() { |
| 22 | local FILE="$1" |
| 23 | local AGE_KEY_NAME=${AGE_KEY_NAME_MGMT:-"$2"} |
| 24 | |
| 25 | # Load the contents of both keys |
| 26 | local PUBLIC_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.pub") |
| 27 | # local PRIVATE_KEY=$(<"${CREDENTIALS_DIR}/${AGE_KEY_NAME}.key") |
| 28 | |
| 29 | sops \ |
| 30 | --age=${PUBLIC_KEY} \ |
| 31 | --encrypt \ |
| 32 | --encrypted-regex '^(data|stringData)$' \ |
| 33 | --in-place "${FILE}" |
| 34 | } |