#!/usr/bin/env bash
set -euo pipefail
: "${VAULT_ROOT:=~/infrastructure/vault}"
vr="$(eval echo "$VAULT_ROOT")"
[[ -f "$vr/.sops.yaml" ]] || { echo "missing .sops.yaml"; exit 1; }
grep -q "creation_rules" "$vr/.sops.yaml" || { echo "invalid policy"; exit 1; }
echo "[OK] policy"