#!/usr/bin/env bash
set -euo pipefail

mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt
chmod 600 ~/.config/sops/age/keys.txt

echo "Public recipient:" >&2
grep '^# public key:' ~/.config/sops/age/keys.txt >&2

echo >&2
echo "Create .sops.yaml with that recipient, then encrypt in place:" >&2
echo "  sops encrypt -i secrets/app.enc.yaml" >&2