amaya382/seal.sh

## seal.sh
#!/bin/bash -eu

# Prerequisites: helm-client, kubeseal, yq, GNU grep, and GNU sed

# $1: chart
# $2: values file
# $3: chart name

cat << EOF > $1/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}
type: Opaque
data:
{{- range \$i, \$e := .Values.secrets }}
  {{ \$e.name }}: {{ \$e.value | b64enc -}}
{{ end }}
EOF

for kv in $(yq -y '.spec.encryptedData' <(helm template -x templates/secret.yaml --name $3 -f $2 $1 | kubeseal --format yaml) | sed 's/ //g'); do
  k="${kv%:*}"
  v="${kv#*:}"
  orig=$(cat "$2" | grep -A 1 "name: $k" | grep -oP '(?<=  value: ).+')

  echo "overwrite: $k"
  sed -i'' "/^- name: $k$/,/^  value: .\+$/c- name: $k\n  value: $v" "$2"
done

rm $1/templates/secret.yaml
	#!/bin/bash -eu

	# Prerequisites: helm-client, kubeseal, yq, GNU grep, and GNU sed

	# $1: chart
	# $2: values file
	# $3: chart name

	cat << EOF > $1/templates/secret.yaml
	apiVersion: v1
	kind: Secret
	metadata:
	name: {{ .Release.Name }}
	type: Opaque
	data:
	{{- range \$i, \$e := .Values.secrets }}
	{{ \$e.name }}: {{ \$e.value \| b64enc -}}
	{{ end }}
	EOF

	for kv in $(yq -y '.spec.encryptedData' <(helm template -x templates/secret.yaml --name $3 -f $2 $1 \| kubeseal --format yaml) \| sed 's/ //g'); do
	k="${kv%:*}"
	v="${kv#*:}"
	orig=$(cat "$2" \| grep -A 1 "name: $k" \| grep -oP '(?<= value: ).+')

	echo "overwrite: $k"
	sed -i'' "/^- name: $k$/,/^ value: .\+$/c- name: $k\n value: $v" "$2"
	done

	rm $1/templates/secret.yaml