_sopsAddKey() { @gpg@ --quiet --import "$key" local fpr # only add the first fingerprint, this way we ignore subkeys fpr=$(@gpg@ --with-fingerprint --with-colons --show-key "$key" \ | awk -F: '$1 == "fpr" { print $10; exit }') } sopsImportKeysHook() { local key dir if [ -n "${sopsCreateGPGHome}" ]; then export GNUPGHOME=${sopsGPGHome:-$(pwd)/.git/gnupg} mkdir -m 700 -p $GNUPGHOME fi for key in ${sopsPGPKeys-}; do if [[ -f "$key" ]]; then _sopsAddKey "$key" else echo "$key does not exists" >&2 fi done for dir in ${sopsPGPKeyDirs-}; do while IFS= read -r -d '' key; do _sopsAddKey "$key" done < <(find -L "$dir" -type f \( -name '*.gpg' -o -name '*.asc' \) -print0) done } if [ -z "${shellHook-}" ]; then shellHook=sopsImportKeysHook else shellHook="sopsImportKeysHook;${shellHook}" fi