#!/usr/bin/env bash
set -e

# -- Default exit status, that should be thrown
# -- when all the secrets are encrypted
EXIT_STATUS=0

for secrets in $(find . -type 'f' -name 'secrets.*'); do
    echo "Checking ${secrets}"
    STATUS=$(sops filestatus $secrets)
    if [[ "${STATUS}" == *"false"* ]]; then
        echo "ERROR: Found an unencrypted secret: $secrets"
        EXIT_STATUS=1
        sops encrypt -i $secrets;
    fi;
done

exit "${EXIT_STATUS}"