summaryrefslogtreecommitdiff
path: root/gpg/remove-keys.sh
blob: d5fd93c3f7da3cd95cf3de5dc365c70ce97f4c80 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash

if [ -z "$1" ]; then
  echo "Usage: $0 <environment> [ <key-id> [ <key-id> [ .. ] ] ]"
  exit 1
fi
NAME="$1"
shift

if [ -z "$1" ]; then
  echo "Please specify at least one key ID!"
  echo ""
  echo "You can find out the key ID using the command: ${0%/*}/list-keys.sh $NAME"
  echo ""
  echo " Here is an example output:"
  echo ""
  echo "   pub   rsa4096/0x1234567812345678 2017-01-01 [SC] [expires: 2019-01-01]"
  echo "         Key fingerprint = 1234 5678 1234 5678 1234  5678 1234 5678 1234 5678"
  echo "   uid                   [ unknown] Firstname Lastname <lastname@example.com>"
  echo "   sub   rsa4096/0x8765432187654321 2017-01-01 [E] [expires: 2019-01-01]"
  echo ""
  echo " The key ID is the hexadecimal number next to rsa4096/ in the line"
  echo " starting with pub (not sub). In this case the key ID is: 0x1234567812345678"
  echo ""
  exit 1
fi

"${BASH_SOURCE%/*}/gpg2.sh" $NAME --delete-keys $@
if [ $? -ne 0 ]; then
  echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file gpg/vault-keyring-$NAME.gpg."
  exit 1
fi

echo ""
"${BASH_SOURCE%/*}/get-vault-pass-$NAME" | "${BASH_SOURCE%/*}/set-vault-pass.sh" "$NAME"
if [ $? -ne 0 ]; then
  echo -e "\nERROR: reencrypting vault password file failed!"
  echo "   You might want to revert any changes on gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg!!"
  exit 1
fi
echo "Successfully reencrypted vault password file!"
echo "  Don't forget to commit the changes in gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg."