#!/bin/sh

# import the PGP key for the right environment
if [ "$PICA_ENVIRONMENT" = "TEST" ];
then
    echo "$PRIVATE_GPG_KEY_TEST" > /tmp/pgp-key
elif [ "$PICA_ENVIRONMENT" = "PRODUCTION" ];
then
    echo "$PRIVATE_GPG_KEY_PRODUCTION" > /tmp/pgp-key
else
    exit -1
fi
cat  /tmp/pgp-key | gpg --import

# decrypt the secrets
SECRETS_PATH=$MODIFIED_IMAGE/secrets/encrypted-variables-$(echo $PICA_ENVIRONMENT | tr '[:upper:]' '[:lower:]')
echo $SECRETS_PATH

for container_secrets_folder in $SECRETS_PATH/*;
do
    CONTAINER_NAME=$(basename $container_secrets_folder)
    for encrypted_secret in $container_secrets_folder/*;
    do
        SECRET_NAME=$(basename $encrypted_secret) 
        ( echo -n "$SECRET_NAME=" ; gpg --quiet  --decrypt  $encrypted_secret ) >> $MODIFIED_IMAGE/secrets/$CONTAINER_NAME.secrets
    done
done

ls -al pica-etherpad/secrets/