refactor(scripts): convert scripts/encrypt-secret to Python

2025-08-14 19:57:04 +05:30 · 2023-08-03 12:21:43 +05:30 · 2023-08-03 12:21:43 +05:30 · 69f63cced4
commit 69f63cced4
parent 1e0cc062d5
2 changed files with 31 additions and 18 deletions
--- a/scripts/encrypt-secret.py
+++ b/scripts/encrypt-secret.py
@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+import sys
+import subprocess
+import shutil
+from pathlib import Path
+
+
+def main():
+    if len(sys.argv) != 4:
+        raise RuntimeError(
+            "USAGE: encrypt-secret.py <input file> <output file> <encryption key>"
+        )
+    input_file = Path(sys.argv[1])
+    output_file = Path(sys.argv[2])
+    age_key = sys.argv[3]
+    if shutil.which("age") is None:
+        raise RuntimeError("age not installed")
+    if not input_file.exists():
+        raise RuntimeError(f"Input file '{input_file.name}' does not exist")
+    recipient = subprocess.run(
+        ["age-keygen", "-y"], capture_output=True, text=True, input=age_key
+    ).stdout.strip()
+    subprocess.run(
+        ["age", "--encrypt", "-r", recipient, "-o", output_file],
+        input=input_file.read_bytes(),
+    )
+
+
+if __name__ == "__main__":
+    main()
--- a/scripts/encrypt-secret.sh
+++ b/scripts/encrypt-secret.sh
@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-INPUT_FILE="${1:-}"
-OUTPUT_FILE="${2:-}"
-AGE_KEY="${3:-}"
-
-if ! command -v age 1>/dev/null; then
-  echo "age not installed"
-  exit 1
-fi
-
-if [[ -n "$AGE_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then
-  age --encrypt -r "$(echo "${AGE_KEY}" | age-keygen -y)" -o "${OUTPUT_FILE}" < "${INPUT_FILE}"
-else
-  echo "Usage: ./encrypt-secret.sh <input file> <output file> <encryption key>"
-fi