scripts/encrypt_flux.sh

#!/bin/sh

set -eu

if [ -z "${AGE_KEY_NO_PQ}" ]; then
	echo "unbound variable"
fi
if [ ! -f "${AGE_KEY_NO_PQ}" ]; then
	echo "Error: ${AGE_KEY_NO_PQ} file does not exist"
	exit 1
fi

PUBLIC_KEY=$(age-keygen -y $AGE_KEY_NO_PQ)

SECRETS_ENC_PATH=$HYDRA_SECRETS_PATH
mkdir -p $SECRETS_ENC_PATH
for FILE in $SECRETS_FOLDER/*; do
	FILENAME="${FILE##*/}"
	DEST=$SECRETS_ENC_PATH/$FILENAME

	if [ "$FILENAME" = "kuztomization.yaml" ]; then
		mv $FILE $DEST
		echo "Moving UNENCRYPTED $FILE"
		continue
	fi

	sops --encrypt --in-place $FILE
  echo Moving encrypted file to $DEST
  mv $FILE $DEST
done
feat: implement secret management with SOPS 2026-04-20 19:58:02 -04:00			`#!/bin/sh`

			`set -eu`

Change flux secret from PQ to non PQ 2026-04-21 09:00:26 -04:00			`if [ -z "${AGE_KEY_NO_PQ}" ]; then`
feat: implement secret management with SOPS 2026-04-20 19:58:02 -04:00			`echo "unbound variable"`
			`fi`
Change flux secret from PQ to non PQ 2026-04-21 09:00:26 -04:00			`if [ ! -f "${AGE_KEY_NO_PQ}" ]; then`
			`echo "Error: ${AGE_KEY_NO_PQ} file does not exist"`
feat: implement secret management with SOPS 2026-04-20 19:58:02 -04:00			`exit 1`
			`fi`

Change flux secret from PQ to non PQ 2026-04-21 09:00:26 -04:00			`PUBLIC_KEY=$(age-keygen -y $AGE_KEY_NO_PQ)`
feat: implement secret management with SOPS 2026-04-20 19:58:02 -04:00
			`SECRETS_ENC_PATH=$HYDRA_SECRETS_PATH`
			`mkdir -p $SECRETS_ENC_PATH`
			`for FILE in $SECRETS_FOLDER/*; do`
Add Kuztomization 2026-04-21 10:05:38 -04:00			`FILENAME="${FILE##*/}"`
			`DEST=$SECRETS_ENC_PATH/$FILENAME`

			`if [ "$FILENAME" = "kuztomization.yaml" ]; then`
			`mv $FILE $DEST`
			`echo "Moving UNENCRYPTED $FILE"`
			`continue`
			`fi`
feat: implement secret management with SOPS 2026-04-20 19:58:02 -04:00
Add Kuztomization 2026-04-21 10:05:38 -04:00			`sops --encrypt --in-place $FILE`
feat: implement secret management with SOPS 2026-04-20 19:58:02 -04:00			`echo Moving encrypted file to $DEST`
			`mv $FILE $DEST`
			`done`