dotfiles/apps/reencrypt-secrets.nix

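{ pkgs, ... }:
{
  # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
  #
  # Flake app that re-encrypts every age-encrypted file directly inside the
  # given directory to the recipients listed in ../misc/public-keys. Each file
  # is decrypted with ~/.ssh/id_ed25519 and rewritten in place as armored
  # ciphertext.
  type = "app";

  program = builtins.toString (
    pkgs.writeShellScript "reencrypt-secrets" ''
      # Abort on the first failed command. Without this, a failed decrypt
      # leaves an empty plaintext file that would then be encrypted over the
      # original secret, destroying it.
      set -euo pipefail

      if [ $# -eq 0 ]; then
        echo "Must provide directory to reencrypt." >&2
        exit 1
      fi
      secrets_dir=$1
      if [ ! -d "$secrets_dir" ]; then
        echo "Not a directory: $secrets_dir" >&2
        exit 1
      fi

      # Stage plaintext and the new ciphertext in a private directory that is
      # removed on every exit path, so decrypted secrets are not left behind
      # when a step fails or the run is interrupted.
      # NOTE(review): plaintext still touches whatever filesystem mktemp uses
      # (TMPDIR or /tmp); point TMPDIR at a tmpfs if that matters here.
      umask 077
      workdir=$(mktemp -d)
      trap 'rm -rf -- "$workdir"' EXIT

      for encryptedfile in "$secrets_dir"/*; do
        # Skips subdirectories and the literal pattern left by an empty glob.
        [ -f "$encryptedfile" ] || continue

        echo "Decrypting ''${encryptedfile}..."
        ${pkgs.age}/bin/age --decrypt \
          --identity ~/.ssh/id_ed25519 "$encryptedfile" > "$workdir/plain"

        echo "Encrypting ''${encryptedfile}..."
        # Encrypt to a staging file first: redirecting straight onto the
        # original would truncate it before age has produced any output.
        ${pkgs.age}/bin/age --encrypt --armor \
          --recipients-file "${builtins.toString ../misc/public-keys}" \
          "$workdir/plain" > "$workdir/cipher"

        # Overwrite the content in place (keeps the original file's mode)
        # only once a complete new ciphertext exists.
        cp -- "$workdir/cipher" "$encryptedfile"
        rm -f -- "$workdir/plain" "$workdir/cipher"
      done
      echo "Finished."
    ''
  );
}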