Enhancement Request: Bulk re-encryption command for edited secrets in sopstool
Current Behavior
When using sopstool to decrypt every secret in the folder defined in the .sops.yaml file via sopstool d, it allows for decryption and editing of the secrets. However, once the secrets are edited and we want to re-encrypt all of them, there is no direct command provided. Currently, the available command is sopstool add, but it throws an error when trying to re-encrypt a file that already exists in .sops.yaml. As a workaround, one has to manually delete the entry from .sops.yaml before being able to add and re-encrypt the secret again.
There is also the sopstool edit command which allows opening an encrypted file in an editor, and post-editing and saving, it re-encrypts the file. However, this method is not practical when editing multiple secrets as it requires the user to open each file individually.
Expected Behavior
Ideally, sopstool should provide a straightforward method to re-encrypt all the decrypted files without the need to manually edit the .sops.yaml file. It should either have a dedicated command for this purpose or the existing sopstool add should be able to handle the re-encryption without errors. For workflows involving the editing of multiple secrets, there should be an efficient method to decrypt, edit, and re-encrypt all files seamlessly.
Steps to reproduce
- Use sopstool to decrypt all secrets in the folder specified in .sops.yaml using the command sopstool d.
- Edit any of the decrypted files.
- Attempt to re-encrypt the edited files using sopstool add.
- Observe the error complaining about the existing entry in .sops.yaml.
- Manually delete the problematic entry from .sops.yaml.
- Try re-encrypting the file again using sopstool add.
- Additionally, try using sopstool edit for a single file and note that while it works for individual files, it's not practical for multiple files.
- OS: Linux
- sops version: 3.7.3
- sopstool version: v1.2.1