blob: 51d8c079ca88a56a59b5381991c18da01dd4e8bd (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/bin/bash
if [ -z "$1" ]; then
echo "Usage: $0 <environment> [ <key-id> [ <key-id> [ .. ] ] ]"
exit 1
fi
NAME="$1"
shift
if [ -z "$1" ]; then
echo "Please specify at least one key ID!"
echo ""
echo "You can find out the key ID using the command: ${0%/*}/list-keys.sh $NAME"
echo ""
echo " Here is an example output:"
echo ""
echo " pub rsa4096/0x1234567812345678 2017-01-01 [SC] [expires: 2019-01-01]"
echo " Key fingerprint = 1234 5678 1234 5678 1234 5678 1234 5678 1234 5678"
echo " uid [ unknown] Firstname Lastname <lastname@example.com>"
echo " sub rsa4096/0x8765432187654321 2017-01-01 [E] [expires: 2019-01-01]"
echo ""
echo " The key ID is the hexadecimal number next to rsa4096/ in the line"
echo " starting with pub (not sub). In this case the key ID is: 0x1234567812345678"
echo ""
exit 1
fi
"${BASH_SOURCE%/*}/gpg2.sh" $NAME --delete-keys $@
if [ $? -ne 0 ]; then
echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file ${0%/*}/vault-keyring-$NAME.gpg."
exit 1
fi
echo ""
"${BASH_SOURCE%/*}/get-vault-pass-$NAME" | "${BASH_SOURCE%/*}/set-vault-pass.sh" "$NAME"
if [ $? -ne 0 ]; then
echo -e "\nERROR: reencrypting vault password file failed!"
echo " You might want to revert any changes on ${0%/*}/vault-pass-$NAME.gpg and ${0%/*}/vault-keyring-$NAME.gpg!!"
exit 1
fi
echo "Successfully reencrypted vault password file!"
echo " Don't forget to commit the changes in ${0%/*}/vault-pass-$NAME.gpg and ${0%/*}/vault-keyring-$NAME.gpg."
|
