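#!/bin/bash
#
# One-time bootstrap of the cluster secrets.
#
# Generates a new age key pair, generates the Talos secrets bundle with
# talosctl, encrypts the bundle with sops for the new age recipient, and
# leaves only the encrypted bundle on disk as secrets.yaml.
#
# Files written to the current directory:
#   wbc-dev-cluster-base.age-key  age private key (never commit)
#   secrets.yaml                  sops-encrypted Talos secrets
#
# Without strict mode a failing step was ignored: a failed `sops encrypt`
# still led to the plaintext bundle being deleted and an empty file being
# moved into place as secrets.yaml.
set -euo pipefail

# The private key and the short-lived plaintext bundle are created in the
# working directory; keep every file this script creates owner-only.
umask 077

export SOPS_AGE_KEY_FILE=wbc-dev-cluster-base.age-key

echo "WARNING: THIS SHOULD ONLY BE DONE ONCE!!!"
echo "This script creates the secrets, encrypts them using sops with a new age key which should be then stored in vaultwarden."
echo "You almost certainly don't want to do this, and instead want to download the age key from vaultwarden."

# Refuse to run when a previous run's outputs are present, so an existing key
# or an existing encrypted bundle is never replaced by accident.
for existing in "${SOPS_AGE_KEY_FILE}" secrets.yaml; do
  if [[ -e "${existing}" ]]; then
    printf 'ERROR: %s already exists; refusing to overwrite it.\n' "${existing}" >&2
    exit 1
  fi
done

# On any exit, drop the intermediate ciphertext file; on failure, tell the
# operator when a plaintext bundle may have been left behind.
cleanup() {
  local status=$?
  rm -f -- secrets.enc.yaml
  if ((status != 0)) && [[ -e secrets.yaml ]]; then
    printf 'ERROR: aborted; secrets.yaml may still contain PLAINTEXT secrets. Delete it before retrying.\n' >&2
  fi
}
trap cleanup EXIT

age-keygen -o "${SOPS_AGE_KEY_FILE}"

# Derive the public recipient from the key file itself rather than scraping
# the "# public key:" comment line. Assignment and export are separate so a
# failing command is not masked by `export`.
SOPS_AGE_RECIPIENT=$(age-keygen -y "${SOPS_AGE_KEY_FILE}")
if [[ "${SOPS_AGE_RECIPIENT}" != age1* ]]; then
  printf 'ERROR: could not read an age recipient from %s\n' "${SOPS_AGE_KEY_FILE}" >&2
  exit 1
fi
export SOPS_AGE_RECIPIENT

talosctl gen secrets -o secrets.yaml

sops encrypt --age "${SOPS_AGE_RECIPIENT}" secrets.yaml > secrets.enc.yaml

# Replace the plaintext only once a non-empty ciphertext file exists.
if [[ ! -s secrets.enc.yaml ]]; then
  printf 'ERROR: sops produced an empty secrets.enc.yaml\n' >&2
  exit 1
fi
mv -f -- secrets.enc.yaml secrets.yaml

echo 'SECRETS CREATED, PLEASE UPDATE VAULTWARDEN :'
echo '- secrets.yaml - used by talosctl - safe to commit to git, encrypted by :'
echo '- wbc-dev-cluster-base.age-key - used by sops - DO NOT COMMIT! Put in Vaultwarden'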