#!/bin/sh
usage()
{
	printf "Usage: %s newkey\n" "${0##*/}" >&2
	exit 1
}

err()
{
	printf "%s: %s\n" "${0##*/}" "$*" >&2
	exit 1
}

newsekrit()
{
	SEKRIT_DIR="$newdir" SEKRIT_GPG_ID="$newkey" sekrit "$@"
}

[ $# -eq 1 ] || usage
newkey=$1
gpg2 -k "$newkey" >/dev/null || err "Can't find key \"$newkey\""

umask 077
newdir=$(mktemp -dt sekrit-XXXXXXXXXX) ||
    err "Failed to create temporary directory"
scratch=$(mktemp -tp "$newdir" .sekrit-scratch-XXXXXXXXXX) ||
    err "Failed to create scratch file"
trap 'rm -fr -- "$scratch" "$newdir"' INT QUIT TERM

for entry in $(sekrit ls | grep -v ^DONE); do
	printf "%s... " "$entry"
	sekrit get "$entry" >|"$scratch" ||
	    err "Failed to export entry \"$entry\""
	newsekrit add "$entry" <"$scratch" ||
	    err "Failed to import entry \"$entry\""
	printf "OK\n"
done
rm -f "$scratch"

outdir=sekrit-rekey-$(date +%Y%m%d)
if mv "$newdir" "$outdir"; then
	finaldir=$outdir
else
	finaldir=$newdir
fi
printf "New sekrit store can be found at %s\n" "$finaldir"