From 69f63cced4d6d2bf123b78df1425e2c2a5a7098e Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Thu, 3 Aug 2023 12:21:43 +0530 Subject: [PATCH] refactor(scripts): convert scripts/encrypt-secret to Python --- scripts/encrypt-secret.py | 31 +++++++++++++++++++++++++++++++ scripts/encrypt-secret.sh | 18 ------------------ 2 files changed, 31 insertions(+), 18 deletions(-) create mode 100755 scripts/encrypt-secret.py delete mode 100755 scripts/encrypt-secret.sh diff --git a/scripts/encrypt-secret.py b/scripts/encrypt-secret.py new file mode 100755 index 00000000..295facee --- /dev/null +++ b/scripts/encrypt-secret.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 + +import sys +import subprocess +import shutil +from pathlib import Path + + +def main(): + if len(sys.argv) != 4: + raise RuntimeError( + "USAGE: encrypt-secret.py " + ) + input_file = Path(sys.argv[1]) + output_file = Path(sys.argv[2]) + age_key = sys.argv[3] + if shutil.which("age") is None: + raise RuntimeError("age not installed") + if not input_file.exists(): + raise RuntimeError(f"Input file '{input_file.name}' does not exist") + recipient = subprocess.run( + ["age-keygen", "-y"], capture_output=True, text=True, input=age_key + ).stdout.strip() + subprocess.run( + ["age", "--encrypt", "-r", recipient, "-o", output_file], + input=input_file.read_bytes(), + ) + + +if __name__ == "__main__": + main() diff --git a/scripts/encrypt-secret.sh b/scripts/encrypt-secret.sh deleted file mode 100755 index 80f93d0a..00000000 --- a/scripts/encrypt-secret.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -INPUT_FILE="${1:-}" -OUTPUT_FILE="${2:-}" -AGE_KEY="${3:-}" - -if ! command -v age 1>/dev/null; then - echo "age not installed" - exit 1 -fi - -if [[ -n "$AGE_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then - age --encrypt -r "$(echo "${AGE_KEY}" | age-keygen -y)" -o "${OUTPUT_FILE}" < "${INPUT_FILE}" -else - echo "Usage: ./encrypt-secret.sh " -fi