*: bazelify
diff --git a/tools/secretstore.py b/tools/secretstore.py
new file mode 100644
index 0000000..6b88d28
--- /dev/null
+++ b/tools/secretstore.py
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+# A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable.
+
+import sys
+import subprocess
+
+keys = [
+ "63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k
+ "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf
+]
+
+def main():
+ if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'):
+ sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0]))
+ sys.stderr.flush()
+ return 1
+
+ action = sys.argv[1]
+ src = sys.argv[2]
+
+ if action == 'encrypt':
+ cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', '-']
+ for k in keys:
+ cmd.append('--recipient')
+ cmd.append(k)
+ cmd.append(src)
+ subprocess.check_call(cmd)
+ else:
+ cmd = ['gpg', '--decrypt', '--output', '-', src]
+ subprocess.check_call(cmd)
+
+if __name__ == '__main__':
+ sys.exit(main() or 0)