# This demo uses an alpine sandbox in a docker container in interactive mode
# ran with:
#    docker run --rm -it alpine
#
# if you run it on your own system:
#  1. you should use your own package manager instead of `apk`
#  2. expect the following left overs:
#    - installed binaries (age, age-keygen, curl, sops)
#    - $HOME/.config/sops/age/keys.txt 
#    - demo files: source.env, encrypted.env, decrypted.env
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

echo "
1. Installing packages: age";
apk add age;

echo "
2. Installing sops binary and make it runnable";
wget https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux -O /usr/bin/sops && chmod +x /usr/bin/sops;

echo "
3. create age encryption key, and extract the public key as AGE_PUB_KEY";
mkdir -p $HOME/.config/sops/age/;
age-keygen > $HOME/.config/sops/age/keys.txt;
chmod 600 $HOME/.config/sops/age/keys.txt;
AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);

echo "
4. create a demo .env file";
# NOTE: it works with yaml, json, ini, and more
#   (it relays on file suffix, but you can specify it explicitly using --input-type)
cat << EOF > source.env
USERNAME=the-user
PASSWORD=the-password<shhhh!!!!!>
EOF

echo "
5. use sops to encrypt 'source.env' with Age, show the encrypted output on screen and save it as 'encrypted.env'";
sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;

echo "
6. decrypt to compare result with 'source.env'";
sops -d encrypted.env > decrypted.env;

echo "
7. test results:";
if diff source.env decrypted.env; then
  echo "     Success - The result is THE SAME :) ";
else
  echo "     It did not work - the result is NOT THE SAME :o";
  exit 1;
fi;

# NOTE:
#  now that your keys are set and you have an encrypted file,
#  you call: 
#     sops encrypted.env
#  this will open it in your default editor.
#  if you make changes - it will save your edits after encrypting the values
#  (after which the `diff` above will no longer work)