#!/usr/bin/env python3

# A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable.

import sys
import subprocess

keys = [
    "63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k
    "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf
]

def main():
    if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'):
        sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0]))
        sys.stderr.flush()
        return 1

    action = sys.argv[1]
    src = sys.argv[2]

    if action == 'encrypt':
        cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', '-']
        for k in keys:
            cmd.append('--recipient')
            cmd.append(k)
        cmd.append(src)
        subprocess.check_call(cmd)
    else:
        cmd = ['gpg', '--decrypt', '--output', '-', src]
        subprocess.check_call(cmd)

if __name__ == '__main__':
    sys.exit(main() or 0)