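#!/bin/sh
# This demo uses an alpine sandbox in a docker container in interactive mode
# ran with:
#   docker run --rm -it alpine
#
# if you run it on your own system you should use your own package manager,
# and expect $HOME/.config/sops/age/keys.txt
#
# Run it as a script (sh demo.sh): `set -eu` below aborts on the first failing
# step, which would also end an interactive shell if the text were pasted in.
#
# Security notes:
#   * The sops binary is fetched over HTTPS and installed system-wide. Export
#     SOPS_SHA256=<sha256 published with the release> to have the download
#     verified before it is installed; without it the script only warns.
#   * NOTE(review): the sops project has since moved from mozilla/sops to
#     getsops/sops; confirm which release source you want to trust.
#   * source.env and decrypted.env contain the plaintext secrets and are left
#     in the working directory so they can be inspected; delete them afterwards.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

set -eu

SOPS_URL=https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux
# Placeholder: expected SHA-256 of the file at SOPS_URL (empty = not verified).
SOPS_SHA256=${SOPS_SHA256:-}

# Print a section heading followed by a dashed rule.
banner() {
  printf '\n%s\n-----------------------------------\n\n' "$1"
}

banner 'Installing packages: curl, age'
apk add curl age

banner 'Installing sops binary'
# Download to a private temp file first so a failed or tampered download never
# lands on PATH as an executable.
sops_tmp=$(mktemp)
trap 'rm -f -- "$sops_tmp"' EXIT
# --fail: an HTTP error page must not be saved as the binary.
# --proto/--proto-redir: refuse any downgrade away from HTTPS on redirects.
curl --fail --location --proto '=https' --proto-redir '=https' \
  --output "$sops_tmp" "$SOPS_URL"
if [ -n "$SOPS_SHA256" ]; then
  printf '%s  %s\n' "$SOPS_SHA256" "$sops_tmp" | sha256sum -c -
else
  echo 'WARNING: SOPS_SHA256 is not set; the downloaded sops binary was NOT verified' >&2
fi
mv -- "$sops_tmp" /usr/bin/sops
chmod 0755 /usr/bin/sops

banner 'create age encryption key, and extract the public key as AGE_PUB_KEY'
# From here on every file created holds key material or plaintext secrets, so
# make new files and directories private at creation time (no chmod race).
umask 077
key_dir=$HOME/.config/sops/age
key_file=$key_dir/keys.txt
mkdir -p "$key_dir"
if [ -e "$key_file" ]; then
  # Never clobber an existing identity: data encrypted to it would be lost.
  echo "Reusing existing key file: $key_file" >&2
else
  age-keygen -o "$key_file"
fi
chmod 600 "$key_file"
# -y derives the recipient (public key) from the identity file; only the first
# identity is used if the file holds several.
AGE_PUB_KEY=$(age-keygen -y "$key_file" | head -n 1)
if [ -z "$AGE_PUB_KEY" ]; then
  echo "could not read a public key from $key_file" >&2
  exit 1
fi

banner 'create a demo .env file
NOTE: it works with yaml, json, ini, and more
(it relays on file suffix, but you can specify it explicitly using --input-type)'
# Quoted delimiter: the demo values are written literally, with no expansion.
cat << 'EOF' > source.env
USERNAME=the-user
PASSWORD=the-password
EOF

# Single quotes: the backticks are literal text here, not command substitution.
banner 'use sops to encrypt `source.env` with Age,
show the encrypted output on screen and save it as `encrypted.env`'
# Write first, then display, so a sops failure is not hidden behind a pipe.
sops -e --age "$AGE_PUB_KEY" source.env > encrypted.env
cat encrypted.env

banner 'decrypt and compare with source'
sops -d encrypted.env > decrypted.env
if diff source.env decrypted.env; then
  echo "
Success - The result is THE SAME :)
"
else
  echo "
It did not work - the result is NOT THE SAME :o
"
fi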