Implement agebox flow in Makefile

2022-04-14 17:25:41 +02:00 · 2022-04-14 17:25:41 +02:00 · d996397619
commit d996397619
parent 97d66abd84
1 changed files with 15 additions and 0 deletions
--- a/15
+++ b/15
@ -10,3 +10,18 @@ build:

 clean:
 	rm -rf alpine-cloud-images/work
+
+# Adds all tracked encrypted files to .gitignore as safety net
+age-add-gitignore:
+	@for f in $$(yq eval .file_ids[] .ageboxreg.yml); do grep -qxF $$f .gitignore || echo $$f >> .gitignore; done
+
+# Decrypts all secrets, which also removes the .agebox files locally and they show as "deleted" for now
+# This is a design choice of the agebox devs atm
+age-unseal:
+	@agebox decrypt --all
+
+# Encrypts all secrets, but compares the local unencrypted files with the decrypted content from the index first
+# If there are no diffs, just restore the agebox file from the index and delete the unaltered local unencrypted file
+# If there are changes re-encrypt
+age-seal:
+	@for f in $$(yq eval .file_ids[] .ageboxreg.yml); do git restore $${f}.agebox; agebox cat $$f.agebox | diff - $$f && rm -f $$f || ( rm -f $$f.agebox; agebox encrypt $$f --public-keys .agekeys; ); done