chore: re-encrypt secrets with age

Harsh Shandilya 2022-12-11 18:03:03 +05:30
parent 010f69031a
commit 943b9bd091
No known key found for this signature in database
7 changed files with 55 additions and 14 deletions


@ -2,16 +2,20 @@
set -euo pipefail
ENCRYPT_KEY="${1:-}"
ENCRYPT_KEY="${1}"
TEMP_KEY="$(mktemp)"
declare -A SECRETS
SECRETS[secrets/keystore.cipher]=keystore.jks
SECRETS[secrets/props.cipher]=keystore.properties
echo "${ENCRYPT_KEY:?}" > "${TEMP_KEY}"
if [[ -n "$ENCRYPT_KEY" ]]; then
for src in "${!SECRETS[@]}"; do
openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${src}" -out "${SECRETS[${src}]}" -k "${ENCRYPT_KEY}"
done
else
echo "Usage: ./signing-setup.sh <encryption key>"
fi
function decrypt() {
if ! command -v age 1>/dev/null; then
echo "age not installed"
exit 1
fi
SRC="${1}"
DST="${2}"
age --decrypt -i "${TEMP_KEY}" -o "${DST:?}" "${SRC:?}"
}
decrypt secrets/keystore.cipher keystore.jks
decrypt secrets/props.cipher keystore.properties
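Review bot: The age identity written to `${TEMP_KEY}` near the top of the script is never deleted, so the key that decrypts the keystore stays in the temp directory after the script exits, including when it fails under `set -e`. Add `trap 'rm -f -- "${TEMP_KEY}"' EXIT` directly after the `TEMP_KEY="$(mktemp)"` line. The `command -v age` check sits inside `decrypt`, so it only runs after the key has already been written to disk; running it once before the `mktemp` line avoids that. The page has lost its +/- markers, so this assumes the `age` lines are the new side and the `openssl` block is the removed one. On that reading, `ENCRYPT_KEY="${1}"` under `set -u` makes a missing argument abort with an unbound-variable error instead of the old usage message.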