2026-05-22 22:25:40 +02:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
2026-06-05 17:33:52 +02:00
|
|
|
SOPS_SENTINEL="${SOPS_SENTINEL:-}"
|
2026-05-22 22:25:40 +02:00
|
|
|
SOPS_AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$HOME/.config/sops/age/keys.txt}"
|
|
|
|
|
|
2026-06-05 17:33:52 +02:00
|
|
|
if [[ -z "$SOPS_SENTINEL" ]]; then
|
|
|
|
|
echo "ERROR: SOPS_SENTINEL is not set" >&2
|
|
|
|
|
echo "Set SOPS_SENTINEL to the encrypted file you want to verify." >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2026-05-22 22:25:40 +02:00
|
|
|
if ! command -v sops >/dev/null 2>&1; then
|
|
|
|
|
echo "ERROR: sops is not installed" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [[ ! -s "$SOPS_AGE_KEY_FILE" ]]; then
|
|
|
|
|
echo "ERROR: SOPS age key file is missing or empty: $SOPS_AGE_KEY_FILE" >&2
|
|
|
|
|
echo "Place the operator age identity there, or set SOPS_AGE_KEY_FILE to its path." >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [[ ! -f "$SOPS_SENTINEL" ]]; then
|
|
|
|
|
echo "ERROR: sentinel file does not exist: $SOPS_SENTINEL" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
sops -d "$SOPS_SENTINEL" >/dev/null
|
|
|
|
|
echo "ok: decrypted $SOPS_SENTINEL with $SOPS_AGE_KEY_FILE"
|