#!/usr/bin/env python3

# A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable.

import sys
import subprocess

keys = [
    "63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k
    "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf
]

def encrypt(src, dst):
    cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst]
    for k in keys:
        cmd.append('--recipient')
        cmd.append(k)
    cmd.append(src)
    subprocess.check_call(cmd)

def decrypt(src, dst):
    cmd = ['gpg', '--decrypt', '--output', dst, src]
    subprocess.check_call(cmd)

def main():
    if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'):
        sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0]))
        sys.stderr.flush()
        return 1

    action = sys.argv[1]
    src = sys.argv[2]

    if action == 'encrypt':
        encrypt(src, '-')
    else:
        decrypt(src, '-')

if __name__ == '__main__':
    sys.exit(main() or 0)