# This deo uses an alpine sandbox in a docker container in interactive mode
# ran with:
#    docker run --rm -it alpine
#
# if you run it on your own system you should use your own package manager, 
# and expect $HOME/.config/sops/age/keys.txt 
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

echo "1. Installing packages: curl, age";
apk add curl age;

echo "2. Installing sops binary and make it runnable";
curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops && chmod +x /usr/bin/sops;

echo "3. create age encryption key, and extract the public key as AGE_PUB_KEY";
mkdir -p $HOME/.config/sops/age/;
age-keygen > $HOME/.config/sops/age/keys.txt;
chmod 600 $HOME/.config/sops/age/keys.txt;
AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);

echo "4. create a demo .env file";
# NOTE: it works with yaml, json, ini, and more
#   (it relays on file suffix, but you can specify it explicitly using --input-type)
cat << EOF > source.env
USERNAME=the-user
PASSWORD=the-password<shhhh!!!!!>
EOF

echo "5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
sops -e -age $AGE_KEY source.env | tee encrypted.env;

echo "6. decrypt and compare with source";
sops -d encrypted.env > decrypted.env;

echo "7. test results:";
if diff source.env decrypted.env; then
  echo "     Success - The result is THE SAME :) ";
else
  echo "     It did not work - the result is NOT THE SAME :o";
  exit 1;
fi;