chore: encryption file persistence

chore: moves config.d to secrets

.gitignore

@@ -5,5 +5,10 @@ logs/*
 # Don't include secrets in the repository but do include encrypted secrets
 secrets/wp/*.*
 !secrets/wp/*.gpg
+secrets/ssh_config/*.*
+!secrets/ssh_config/*.gpg
 secrets/*.*
 !secrets/*.gpg
+
+# SHA256 hashes of the encrypted secrets
+*.sha256

bin/actions/secrets.sh

@@ -58,25 +58,45 @@ fi
 
 encrypt_folder() {
     for file in $1/*; do
-        # Skip if current file is a .gpg file
+        # Skip if the current file is a .gpg file
         if [[ $file == *.gpg ]]; then
             continue
         fi
 
-        # If file is actually a folder, call this function recursively
+        # Skip if the current file is a .sha256 file
+        if [[ $file == *.sha256 ]]; then
+            continue
+        fi
+
+        # If the file is a directory, call this function recursively
         if [[ -d $file ]]; then
             printfe "%s\n" "cyan" "Encrypting folder $file..."
             encrypt_folder $file
             continue
         fi
 
-        # If the file has a accompanying .gpg file, remove it
+        current_checksum=$(sha256sum "$file" | awk '{ print $1 }')
+        checksum_file="$file.sha256"
+
+        if [[ -f $checksum_file ]]; then
+            previous_checksum=$(cat $checksum_file)
+
+            if [[ $current_checksum == $previous_checksum ]]; then
+                printfe "%s\n" "green" "Skipping unchanged file $file."
+                continue
+            fi
+        fi
+
+        # If the file has an accompanying .gpg file, remove it
         if [[ -f $file.gpg ]]; then
-            rm $file.gpg
+            rm "$file.gpg"
         fi
 
         printfe "%s\n" "cyan" "Encrypting $file..."
-        gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
+        gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output "$file.gpg" "$file"
+
+        # Update checksum file
+        echo $current_checksum > "$checksum_file"
     done
 }
 

config/ssh/config.d

@@ -0,0 +1 @@
+../../secrets/ssh_config/

config/ssh/config.d/dev.conf.gpg

@@ -1,12 +0,0 @@
------BEGIN PGP MESSAGE-----
-
-jA0ECQMKm/AzKi0q3V7/0sCUAebTGfcHRXxdvN29GUe352/Y6ADB+1O7mu4g9a6A
-spDSHgeaiSV/ICdUNf1yPiR0dVA/HzPFQJjT3Dj0CufsW8rutDF3l/5vKiZFItFi
-erMoD1u7BG2Tcrvt3onL61NXQOEK9Ve0tH2Bjzr9YwADahbNCfdZZwUy8dEupfQZ
-Z7+5VnSF5vyphY/MRWe/LWBlH9WvmQBdl16+zulB2mnSMxImQpiSKOV+Rd0gDW2q
-tR8J1XGIVXfsJm+Fw2QE8JBNHZdDCc6fni7+/r94d3DZjmDxaKsbSDaZ1bE7QoIJ
-Eqj8C8vrmvpp6oqWOV+caZ3WXR+/bEgu4vj5qnp//8dDHlS5kDAa/w/gNz3pDR07
-xU6rpR6xvhRnJVT3UqSoR2BG1Mtmru1f+GvlqtrLmVB3O780DMLYB+4iwEwUqwbe
-ZxZxSOp68dAZKhCJKMmWbfBG6A+cvg==
-=t7dp
------END PGP MESSAGE-----

config/ssh/config.d/personal.conf.gpg

@@ -1,8 +0,0 @@
------BEGIN PGP MESSAGE-----
-
-jA0ECQMKNhIT70sZMOD/0pgBTWQU+80GSOLe3lZfQ2UBq0HGzQ8OQMyes+VISUHm
-PKGPQg7Ucx10jz+wMlMbREFzifoYBFMTPU7uww/sD0tzw9yGVmpGOmLggqOhQE2l
-kfH/Pvj5wpQe6TU2G9oLMRoFrPUZgcVKbY0dT68AvpP+Bw26DT5hWuEbhGDTu5af
-Yq+tUg7knjpjYN3xHIfx0Bz8D46xaM1eVg==
-=w3J7
------END PGP MESSAGE-----

config/ssh/config.d/prod.conf.gpg

@@ -1,12 +0,0 @@
------BEGIN PGP MESSAGE-----
-
-jA0ECQMKjmVmn0S8YKv/0sCAAQRhFiWW7RvnACbk2TYVeJvRCPwms2hOGjqRSIkj
-r58yKCHJ82t1l39dWtAem1BHIy+PDUfG12bN3QdldezwBlrC4wXM6b2bRzTJZuWd
-VaPI8N1fCN+6Ayas9yEGHBIR8wgynk5awOZkWgURnY2INfiAcCj+UVsZHEIMWVCo
-Paxi0amvr0l/HMfG7GeOt/CA3VlK67cV4mbHSCP3JOIWoGs17bKwflwQYkbiWC4D
-ouD86Wj4HcYQmckFxRj8tMBEMoclGvOqb0B6dtFvbMCgbAhcyLv7nraxD3LZMhwt
-dCGjR91MA1uNdyqC1xtcvgIicuWnjOiQRCd2GBtBG0jxWjiFePZzKLGRg4TBLE5e
-tWG3/FNWIXVgF9azIyhPI09l8irzlhgaPs+a+tYjKOIoiY3jUIDAh0sU8KzIn9fp
-9W8=
-=N+jV
------END PGP MESSAGE-----

secrets/openai_api_key.secret.gpg

@@ -1,9 +1,9 @@
 -----BEGIN PGP MESSAGE-----
 
-jA0ECQMKS+b6LeVVxwP/0sALAbN6mRsU+/NHMnw9Tdq8UZbwQ3ql/R9DNn8JkW6j
-GnOCNO2lf1YAnS/uxqaU9h2zfmxzKVY87ZXzJZNKhvm3f1tVeCcXj2fUaLHpqTN1
-H2LXni6Ht09K3sdzKpnAdmXfG9wDdqNCXEeZafaVLRpdtbEIrEe8ihukWEt3RjeN
-W2WXipn37AX3JV0AHahCIQEcPrpzbyh6cCwPcbsHmiSCA96QAuOMypuFb0fFjDo4
-DSuhp3VPsWGPxlfJxZAgvCWHtix34urreSTpESk=
-=FTAR
+jA0ECQMKSxNxDZ32rn3/0sAHAX3JksIn3U1fkyCGIUb/2NvEBkP4Ukpw77Q3zUB8
+NsId3hGj+GgzpIrd30YL7LV/FbwwbWFn3PGnGjgpO8rPfTxHKKS+qOMVPotZqu+9
+KS6rXCWcDKfx0MrhrqUF6SaKlUN359Q6/gO7CC5ruPiqJcasXOommAdzyEP0Dzwy
+sVa+uw4R17JqRvxI7/qb4iXZWif7Q2YkgpHL3PeqY1hOYZ6DOvppTslfK+TQcdr8
+QbQmZ14m8/rrAM7GXifnJNifU0gtJDPeoA==
+=oD0J
 -----END PGP MESSAGE-----

secrets/ssh_config/dev.conf.gpg

@@ -0,0 +1,12 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKlRrOWM4y+zr/0sCSAWgz3hTiI0Dmm6Uk3dr1+8rYD/VCQLTxPGm+lVab
+b5gap/XIJpmE+vZQfrff2agVf7qZEo7wE9URd4i0jDUtcmywZAnwd4F7WrwtZYLd
+uf5tXZLcnm04dzRYgw8hFtC8EkbeCDP056xqnIWuVUL8biNWYub0gfInE/F3kqiL
+dqTaHzUZNLoLX28PQR/zVqmzj07YsxDEWIk9ctnDM+izjQ2voFzhlpdnX7EdwO0D
+XR7KGqQGrVJK72rNbXBcffkYWPSWXD27ZuL8R+qmfk1wJuz4yu3qdfeVFRKnUHbt
+kViGG9bToYXLOvz4w6Awge9gSyhICEyEgf11KTk9MMzMKuKVB0X0D3fYk+FFdF7G
+dhDL/S1LRtVMbShr56vWFhmZsM3SwajCg/gv/JyQwgpQ3QTcu4KZMWDSTa60zIzn
+bufljeENyrFA9Mw/y8DS40wzclY=
+=oQon
+-----END PGP MESSAGE-----

secrets/ssh_config/dev.conf.sha256.gpg

@@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKiy4Nv2diz1L/0n0B9YXC+sd2ZuLLk4gakrZ37JHdNrjydQKdaAoZJotx
+L84+bEMRDJhW9Qfg5i6W8jFhpKJn79bkga+uVI4WC2Kfuh/eFwRfC2IgyYlNOwwf
+3Fj7oVP01BS/gCx3ZK3qzpmAyTKCHgIA4cbMyUUIN+B72aUCNSLpHgW18NyYPg==
+=CtAQ
+-----END PGP MESSAGE-----

secrets/ssh_config/personal.conf.gpg

@@ -0,0 +1,8 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKJE2IlvHJJ37/0pcBQTlz+ukJRl33A3TQS0HkRnhYg1x1nxpMHzsxuWCY
+sUmRrghH8rXYdmCmxYYqiRpHbyI1vutY7is/+ZFGzbEfSMlGJL53Dv9d5A1L4Fsd
++SVwGWxpyUKQVmzwmGWtC82qcmKD3aSFPfh/AUT/3cG9bKYWgU1rBox+weTPfFxQ
+r+f1BPRGVsohXe1nlKTNejLLqEOlG8wX
+=8XVe
+-----END PGP MESSAGE-----

secrets/ssh_config/personal.conf.sha256.gpg

@@ -0,0 +1,8 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKcWM9DJZo52T/0oEB/CTpWvSxoSY566DFW/XZcnmJvuBqBx2boW150XbX
+7wsnnEWUWpQ/UalQSQJNy7CW6Q94O5JYGlPzL//dcKMfaAzhTZedjyAvHl1eReku
+mWneESJsfKYeBcGI9vE31JxWdLFwATPb7SrxPSXoyFNThZ7pykoJz0P/Z2tPB/dV
+8ao=
+=zytx
+-----END PGP MESSAGE-----

secrets/ssh_config/prod.conf.gpg

@@ -0,0 +1,11 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKKNoxBjYxkO3/0sB+AQjK8mXF2WzomgXMknTLHRJONZbMD4n5RyNNLZk+
+s5n4rbBlN1vVOlKgUr0BFlZ02RloUWgSK/Z1CeWUCGRaaeIGAvXyZolT7B3Dv7CV
+YnUig7/Z3LMIE2iN4qI68TqsMtpu5pPn9d2voMROXZDuXAP/02iK++Py5/EhoWxP
+qGy2CXXSR6HtrEyCNwefDFhiAoG5T5ti22s5jA9Fsv2fZX98BeLQZf07+bgZdDki
+Ss0Z4iWjT1mDkvuRuQHMY8742ImNJQFHASZY6nyBru6CVE8I8ZgRV3kt/lC6DD+R
+N4CXoVbtNztDvbewtcXOm2SkFPZ2LM1MmI3/IaaehZirIWhLVaqCjKE/Zyonaa1G
+OsCGKYyguPXVElYGn6s/RHdoynAjc4slLnh0B4Q8UrXl+2u0nmrJq1FDmBVYsC6P
+=YBPr
+-----END PGP MESSAGE-----

secrets/ssh_config/prod.conf.sha256.gpg

@@ -0,0 +1,7 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKnxgT3zfZNDr/0n4BSbdAYT0jtdUjek36109dEDI7XQ4ghw05IKT7f4GK
+CXlPIZxc5IBoej0rNzQgFKwCFNfHPgCIjHcHRCSymvPV8HUPmeWpVhdAYtG8nm5Q
+lRNZDP2GGiuLzv4Rxc4GK/LvnIMJubOKsRpjb8XJPNVF3mb96tWOAqRTvU1pXTQ=
+=52xU
+-----END PGP MESSAGE-----