cole-h / agenix-cli

Companion tool to https://github.com/ryantm/agenix

--rekey should accept list of files or only change files that need to be updated

Gerschtli opened this issue

Hey,

I will briefly explain a use case: I have two systems, each of them has two secrets. If I change the key for system A, I want to run rekey and only update the secrets that are affected by the change of the key of system A. Currently, all four secrets will be updated.

├── system-a/
│   ├── secret-1
│   └── secret-2
└── system-b/
    ├── secret-1
    └── secret-2

  1. Is it possible for agenix to recognize that only two of the four secrets should be updated?
  2. If not, could you add a possibility that the CLI accepts multiple files instead of only one? (like `agenix -r secrets/a secrets/b`)

"Smartly" detecting which secrets should be updated is not something I want to (attempt to) support.

Is `for secret in system-a/**; do agenix -r "$secret"; done` not a good solution for you? I'm hesitant to allow working with multiple paths (and by extension, rekeying them) because agenix only supports working on one path at a time at the moment.

I am fine with the for loop, just thought it would be a good improvement for the CLI to be more user friendly and flexible.
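
The per-file loop from the thread, written as a POSIX shell function (an added example, not code from agenix-cli or from either participant). It runs `agenix -r` once per regular file under one directory, including nested paths and names with spaces, and returns non-zero if any file failed, so a failed rekey after a key change is not missed. The `rekey_dir` name and the `AGENIX` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: rekey every secret below one directory, one `agenix -r` call
# per file. AGENIX is a variable made up for this example so the binary can
# be replaced (for instance by a stub in a dry run); it defaults to `agenix`.

rekey_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "rekey_dir: not a directory: $dir" >&2
        return 2
    fi
    # -type f skips directories, which a bare glob would also hand to agenix.
    # The inner shell gets batches of paths, keeps going after a failure and
    # exits non-zero if any file failed; with `-exec ... {} +` find passes
    # that status on as its own exit status.
    find "$dir" -type f -exec sh -c '
        agenix_bin=$1; shift
        status=0
        for secret in "$@"; do
            if "$agenix_bin" -r "$secret"; then
                echo "rekeyed: $secret"
            else
                echo "FAILED:  $secret" >&2
                status=1
            fi
        done
        exit "$status"
    ' sh "${AGENIX:-agenix}" {} +
}

# Usage after changing the key of system A:
#   rekey_dir system-a || echo "some secrets were not rekeyed" >&2
```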