#!/bin/bash

if [ -z "$1" ]; then
  echo "Usage: $0 <environment>"
  exit 1
fi
NAME="$1"
shift

keyids=$("${BASH_SOURCE%/*}/list-keys.sh" "$NAME" --with-colons --fast-list-mode 2>/dev/null | awk -F: '/^pub/{printf "%s\n", $5}')
if [ -z "$keyids" ]; then
  echo "ERROR: no keys to encrypt to, is the keyring empty?"
  exit 1
fi

receipients=""
for keyid in $keyids; do
  receipients="$receipients -r $keyid"
done


"${BASH_SOURCE%/*}/gpg2.sh" "$NAME" --yes --trust-model always --encrypt -a -o "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg.$$" $receipients
if [ $? -ne 0 ]; then
  rm -f "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg.$$"
  exit 1
fi
mv "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg.$$" "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg"