[DO-1236] Reencrypt files with new keys and small fixes script (!23)

DO-1236 Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech> Reviewed-on: https://git.avroid.tech/DevOps/secrets/pulls/23
2025-01-15 17:37:01 +03:00
parent 795b5431e7
commit 240422d037
63 changed files with 4653 additions and 3791 deletions
--- a/gpg-tool.sh
+++ b/gpg-tool.sh
@@ -42,22 +42,24 @@ function import_keys {
 }

 function get_recipients {
+    local ALL_KEYS
    for i in "${SCRIPT_PATH:?}"/keys/*.pub; do
-        allKeys+="--recipient $(gpg --import "$i" 2>&1 | head -1 | awk '{print $3}' | sed 's/.$//') "
+        ALL_KEYS+="--recipient $(gpg --import "$i" 2>&1 | head -1 | awk '{print $3}' | sed 's/.$//') "
    done
-    echo "$allKeys"
+    echo "${ALL_KEYS}"
 }

 function encrypt {
-    local PUBKEYS
-    PUBKEYS=$(get_recipients)
+    local PUBLIC_KEYS
+    PUBLIC_KEYS=$(get_recipients)
    local FILE="$1"
-    gpg --encrypt-files --trust-model always "${PUBKEYS}" --armor "$FILE"
+    # shellcheck disable=SC2086
+    gpg --encrypt-files --trust-model always ${PUBLIC_KEYS} --armor "${FILE}"
 }

 function reencrypt {
-    local PUBKEYS
-    PUBKEYS=$(get_recipients)
+    local PUBLIC_KEYS
+    PUBLIC_KEYS=$(get_recipients)
    local CHECK_REMOVE
    local DIR="$1"
    local LIST_FILES_ASC
@@ -76,7 +78,8 @@ function reencrypt {
    echo -e "\n"
    read -r -p 'Reencrypt decrypted files. Are you sure (y/N): ' CHECK_REENCRYPT
    if [ "${CHECK_REENCRYPT}" == "y" ] || [ "${CHECK_REENCRYPT}" == "Y" ]; then
-        echo "${LIST_FILES}" | gpg --encrypt-files --trust-model always "${PUBKEYS}" --armor --yes
+        # shellcheck disable=SC2086
+        echo "${LIST_FILES}" | gpg --encrypt-files --trust-model always ${PUBLIC_KEYS} --armor --yes
    fi

    echo -e "\nList decrypted files for remove:\n${LIST_FILES}\n"