hiera-eyaml
Easy rekey whole file (decrypt using key pair A and encrypt using key pair B)
We have cases where we would like to automatically re-encrypt a bunch of hiera files using a different key pair. Note that those files contain both encrypted and unencrypted values.
It would be nice if we could have a new command, let's say 'rekey', which could be internally similar to what hiera edit does, but which would, with a single command, in a non-interactive way:
- open a file using key pair A and decrypt encrypted values there,
- encrypt values using key pair B and write to the file again.
We are thinking about creating a PR for this, but perhaps this may be doable with some existing cli spells or someone has this ready in some fork, so I would like to report this need here first. :)
One of the options on the command line is recrypt. It feels like that would be the right place to add that functionality. (Honestly, I thought that was what that was for, but it doesn't appear to be.)
Yeah, this is starting to be extremely important to me as well! recrypt did seem to be the obvious choice, but not sure exactly what that does. Same as encrypt, it seems?!
@gdubicki Are you guys still thinking about a PR to fix this?
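The rekey operation requested in this thread, sketched as an added example that is not part of the original thread and not hiera-eyaml's own code. It assumes inline `ENC[PKCS7,<base64>]` tokens and uses Ruby's OpenSSL PKCS7 calls directly; the helper names, the throwaway key pairs and the sample file content are constructed for illustration.

```ruby
require 'openssl'

# Matches an inline eyaml token; the base64 payload may wrap across lines.
TOKEN = /ENC\[PKCS7,([A-Za-z0-9+\/=\s]+)\]/

# Constructed throwaway key pair with a self-signed certificate (sample data only).
def make_pair(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Encrypt one value to the given certificate and wrap it as an ENC[PKCS7,...] token.
def encrypt_value(plain, cert)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  der = OpenSSL::PKCS7.encrypt([cert], plain, cipher, OpenSSL::PKCS7::BINARY).to_der
  "ENC[PKCS7,#{[der].pack('m0')}]"
end

# Decrypt the base64 payload of one token; raises PKCS7Error if the key pair is not a recipient.
def decrypt_value(b64, key, cert)
  OpenSSL::PKCS7.new(b64.unpack1('m')).decrypt(key, cert)
end

# Non-interactive rekey: decrypt each token with key pair A, re-encrypt to key pair B.
# Unencrypted values and all other text pass through byte-for-byte.
def rekey(text, old_key, old_cert, new_cert)
  text.gsub(TOKEN) { encrypt_value(decrypt_value($1, old_key, old_cert), new_cert) }
end

OLD_KEY, OLD_CERT = make_pair('eyaml-old')
NEW_KEY, NEW_CERT = make_pair('eyaml-new')
# Constructed sample file with one plaintext and one encrypted value.
SAMPLE = "plain_setting: 8080\ndb_password: #{encrypt_value('s3cret', OLD_CERT)}\n"
REKEYED = rekey(SAMPLE, OLD_KEY, OLD_CERT, NEW_CERT)
```

Ciphertext made with key pair A stays in version-control history after a rekey, so a value that must be kept from holders of A's private key also has to be changed, not only re-encrypted.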