From f2923c3eda10042731b23a747ba0f383ae8c91e9 Mon Sep 17 00:00:00 2001
From: Scott Stanton
Date: Thu, 31 Jan 2019 18:05:16 -0800
Subject: [PATCH] walk up the path to find .sops.yaml
---
 secrets.sh | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/secrets.sh b/secrets.sh
index da3981c..41bf56a 100755
--- a/secrets.sh
+++ b/secrets.sh
@@ -208,12 +208,21 @@ is_help() {
 esac
 }
 
+find_sops() {
+ cd $(dirname "$1")
+ while [[ "$PWD" != "/" && ! -e ".sops.yaml" ]]; do
+ cd ..
+ done
+ [[ -e ".sops.yaml" ]] || { echo "Unable to find .sops.yaml"; exit 1; }
+ echo "$PWD"
+}
+
 encrypt_helper() {
- local dir=$(dirname "$1")
- local yml=$(basename "$1")
- cd "$dir"
- [[ -e "$yml" ]] || { echo "File does not exist: $dir/$yml"; exit 1; }
+ local sops_dir=$(find_sops "$1")
+ local yml=$(realpath --relative-to $(find_sops "$1") $(realpath "$1"))
 local ymldec=$(sed -e "s/\\.yaml$/${DEC_SUFFIX}/" <<<"$yml")
+ cd "$sops_dir"
+
 [[ -e $ymldec ]] || ymldec="$yml"
 
 if [[ $(grep -C10000 'sops:' "$ymldec" | grep -c 'version:') -gt 0 ]]
@@ -250,8 +259,6 @@ enc() {
 # Name references ("declare -n" and "local -n") are a Bash 4 feature.
 # For previous versions, work around using eval.
 decrypt_helper() {
- local yml="$1" __ymldec __dec
-
 if [[ ${BASH_VERSINFO[0]} -lt 4 ]]
 then
 local __ymldec_var='' __dec_var=''
@@ -275,7 +282,11 @@ decrypt_helper() {
 then
 echo "$__ymldec is newer than $yml"
 else
- sops --decrypt --input-type yaml --output-type yaml "$yml" > "$__ymldec" || { rm "$__ymldec"; exit 1; }
+ local sops_dir=$(find_sops "$1")
+ (yml=$(realpath --relative-to "$sops_dir" $(realpath "$yml"));
+ __ymldec=$(realpath --relative-to "$sops_dir" $(realpath "$__ymldec"));
+ cd "$sops_dir";
+ sops --decrypt --input-type yaml --output-type yaml "$yml" > "$__ymldec" || { rm "$__ymldec"; exit 1; })
 __dec=1
 fi
 fi
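Review bot: A failed lookup in `find_sops` does not stop `encrypt_helper`: the function is only called inside `$(…)`, so its `exit 1` ends just that subshell, and `local sops_dir=$(find_sops "$1")` discards the status while capturing the "Unable to find .sops.yaml" text from stdout as the directory name. The `cd "$sops_dir"` that follows is unchecked too, so the helper would carry on in the caller's directory, where sops may resolve a different `.sops.yaml` or none at all. I would declare and assign separately, `local sops_dir; sops_dir=$(find_sops "$1") || exit 1`, print the error to stderr, and quote the substitutions (`cd "$(dirname "$1")" || exit 1`, and pass `"$sops_dir"` to `realpath --relative-to` instead of a second, unquoted `$(find_sops "$1")`). The same `local sops_dir=$(find_sops "$1")` line appears in the last hunk, in decrypt_helper. encrypt_helper's body continues outside the hunk.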
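Review bot: `$yml` is still read by decrypt_helper after this hunk deletes its declaration `local yml="$1" __ymldec __dec`; the last hunk of the patch uses it in `realpath "$yml"` and in the "is newer than" message. Unless the lines between the two hunks, which are not shown, assign it, `yml` is now empty or inherited from whatever the caller happened to set. `__ymldec` and `__dec` also lose their `local` here, so assignments such as `__dec=1` would land in the caller's or the global scope unless they are declared elsewhere in the function. Keeping the original line, `local yml="$1" __ymldec __dec`, avoids both problems. decrypt_helper's body continues outside the hunk.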
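Review bot: The `exit 1` after a failed `sops --decrypt` no longer aborts the script, because the command now runs inside `( … )` and the exit ends only that subshell; decrypt_helper then sets `__dec=1` and returns as if a decrypted file existed, where the old line stopped the run. The `cd "$sops_dir";` inside the group is also unchecked, so a failed cd would leave sops working on relative paths in the wrong directory. Closing the group with `) || exit 1` and writing `cd "$sops_dir" || exit 1` restores the previous fail-closed behaviour. The inner `$(realpath "$yml")` and `$(realpath "$__ymldec")` should be double-quoted so paths containing spaces survive word splitting. The enclosing if/else starts outside the hunk.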