[DO-437] add consul credentials

Rustam Tagaev
2024-04-15 16:40:45 +03:00
parent a12974d8be
commit 30afbf7aed
3 changed files with 63 additions and 19 deletions

3
.gitignore vendored
View File

@@ -1 +1,2 @@
*.txt *.txt
consul.yml
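Review bot: the added `consul.yml` line ignores the decrypted file by its exact name, so each future secret needs its own entry here, and one forgotten entry lets a plaintext file be committed. Consider a rule that follows a convention instead, for example keeping all decrypted files in one ignored directory, and add a pre-commit check that rejects any file that has an `.asc` sibling in the repository.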

View File

@@ -1,10 +1,10 @@
# GPG helper script # GPG helper script
Use ./gpg-tool.sh to automate gpg operations Use ./gpg-tool.sh to automate gpg operations
Usage: ## Usage
-------------------------------------
``` ```bash
gpg-tool.sh [args] file gpg-tool.sh [args] file
Commands: Commands:
@@ -21,12 +21,14 @@ Example:
./gpg-tool.sh --encrypt secrets.txt ./gpg-tool.sh --encrypt secrets.txt
``` ```
# Как переподписать секреты новым ключом ## Как переподписать секреты новым ключом
```
1. Сгенерировать и добавить новый ключ в каталог `keys` 1. Сгенерировать и добавить новый ключ в каталог `keys`
Статья: https://eva.avroid.tech/project/Document/DOC-000832#gpg-how-to [Статья:](https://eva.avroid.tech/project/Document/DOC-000832#gpg-how-to)
2. Перейти в корень репозитория и выполнить команды: 2. Перейти в корень репозитория и выполнить команды:
```bash
./gpg-tool.sh --import_keys ./gpg-tool.sh --import_keys
./gpg-tool.sh --decrypt secrets.txt.asc ./gpg-tool.sh --decrypt secrets.txt.asc
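Review bot: the `bash` fence added after step 2 appears to stay open through step 3, because the next fence line visible in the diff comes after "3. Переподписанные файлы .asc PUSH в репозиторий"; unless a closing fence sits in the lines not shown, step 3 will render as code rather than as a list item. Close the fence right after the last command and keep step 3 as list text. In step 1, the new label `[Статья:]` puts the colon inside the link and does not say what the target is; a label that names the GPG key how-to would read better.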
@@ -38,26 +40,29 @@ Example:
3. Переподписанные файлы .asc PUSH в репозиторий 3. Переподписанные файлы .asc PUSH в репозиторий
``` ```
## How to use GPG
# How to use GPG
To encrypt a document the option --encrypt is used. You must have the public keys of the intended recipients. The software expects the name of the document to encrypt as input or, if omitted, on standard input. The encrypted result is placed on standard output or as specified using the option --output. The document is compressed for additional security in addition to encrypting it. To encrypt a document the option --encrypt is used. You must have the public keys of the intended recipients. The software expects the name of the document to encrypt as input or, if omitted, on standard input. The encrypted result is placed on standard output or as specified using the option --output. The document is compressed for additional security in addition to encrypting it.
> gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc ```bash
> gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc
```
The --recipient option is used once for each recipient and takes an extra argument specifying the public key to which the document should be encrypted. The encrypted document can only be decrypted by someone with a private key that complements one of the recipients' public keys. In particular, you cannot decrypt a document encrypted by you unless you included your own public key in the recipient list. The --recipient option is used once for each recipient and takes an extra argument specifying the public key to which the document should be encrypted. The encrypted document can only be decrypted by someone with a private key that complements one of the recipients' public keys. In particular, you cannot decrypt a document encrypted by you unless you included your own public key in the recipient list.
To decrypt a message the option --decrypt is used. You need the private key to which the message was encrypted. Similar to the encryption process, the document to decrypt is input, and the decrypted result is output. To decrypt a message the option --decrypt is used. You need the private key to which the message was encrypted. Similar to the encryption process, the document to decrypt is input, and the decrypted result is output.
> gpg --output doc --decrypt doc.gpg ```bash
> gpg --output doc --decrypt doc.gpg
You need a passphrase to unlock the secret key for You need a passphrase to unlock the secret key for
user: "Blake (Executioner) <blake@cyb.org>" user: "Blake (Executioner) <blake@cyb.org>"
1024-bit ELG-E key, ID 5C8CBD41, created 1999-06-04 (main key ID 9E98BC16) 1024-bit ELG-E key, ID 5C8CBD41, created 1999-06-04 (main key ID 9E98BC16)
Enter passphrase:
Enter passphrase: ```
Documents may also be encrypted without using public-key cryptography. Instead, only a symmetric cipher is used to encrypt the document. The key used to drive the symmetric cipher is derived from a passphrase supplied when the document is encrypted, and for good security, it should not be the same passphrase that you use to protect your private key. Symmetric encryption is useful for securing documents when the passphrase does not need to be communicated to others. A document can be encrypted with a symmetric cipher by using the --symmetric option. Documents may also be encrypted without using public-key cryptography. Instead, only a symmetric cipher is used to encrypt the document. The key used to drive the symmetric cipher is derived from a passphrase supplied when the document is encrypted, and for good security, it should not be the same passphrase that you use to protect your private key. Symmetric encryption is useful for securing documents when the passphrase does not need to be communicated to others. A document can be encrypted with a symmetric cipher by using the --symmetric option.
> gpg --output doc.gpg --symmetric doc ```bash
> gpg --output doc.gpg --symmetric doc
Enter passphrase: Enter passphrase:
```
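Review bot: the three new `bash` fences keep the leading `> ` prompt from the original text, for example `> gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc`. In bash a leading `>` is a redirection, so a reader who copies the line creates an empty file named `gpg` and then tries to run `--output` as a command. Drop the `> ` prefix inside the fences, and either move the program output (`You need a passphrase ...`, `Enter passphrase:`) into a separate untagged block or mark it clearly as output.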

38
consul.yml.asc Normal file
View File

@@ -0,0 +1,38 @@
-----BEGIN PGP MESSAGE-----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=5QlU
-----END PGP MESSAGE-----
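Review bot: `consul.yml.asc` is added as a second encrypted file, but the re-encryption steps visible in the README hunks name only `secrets.txt.asc`. If the key rotation procedure has to cover this file as well, list it in those steps or have them iterate over every `.asc` file. It would also help to state in the README or the commit message which keys from `keys` this file is encrypted to, since the armored block gives a reviewer no way to confirm the recipient list.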