Skip to content

Instantly share code, notes, and snippets.

@koss822

koss822/hash-sops.sh

Created May 5, 2024 22:27
Show Gist options
  • Save koss822/fb42e5690e4d4a5f9c6c95e560f827a6 to your computer and use it in GitHub Desktop.
Save koss822/fb42e5690e4d4a5f9c6c95e560f827a6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
hash-sops.sh
# Assume 'secrets.yaml' is the file containing sensitive content
PRE_CHANGE_HASH=$(sha256sum secrets.yaml | awk '{print $1}')
# Performing operations that might change secrets.yaml
POST_CHANGE_HASH=$(sha256sum secrets.yaml | awk '{print $1}')
if [ "$PRE_CHANGE_HASH" != "$POST_CHANGE_HASH" ]; then
sops --encrypt --age $(cat age.pub) secrets.yaml > secrets.enc.yaml
echo "Encrypted secrets as contents have changed."
else
echo "No change in secrets detected, skipping encryption."
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment