[DO-1236] Add new function for reencrypt files and fix error/warnings shellcheck (!21)
DO-1236 Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech> Reviewed-on: https://git.avroid.tech/DevOps/secrets/pulls/21 Reviewed-by: Vasiliy Chipizhin <vasiliy.chipizhin@avroid.team> Reviewed-by: Rustam Tagaev <rustam.tagaev@avroid.team>
This commit is contained in:
Denis Patrakeev
56
gpg-tool.sh
56
gpg-tool.sh
@@ -9,6 +9,7 @@ gpg-tool.sh [args] file
|
||||
Commands:
|
||||
-d, --decrypt decrypt file
|
||||
-e, --encrypt encrypt file
|
||||
-r, --reencrypt decrypt and encrypt all .asc files in directory
|
||||
-v, --view view encrypted file
|
||||
-i, --import_keys import keys
|
||||
-h, --help display help
|
||||
@@ -18,38 +19,71 @@ Example:
|
||||
./gpg-tool.sh --view secrets.txt.asc
|
||||
./gpg-tool.sh --decrypt secrets.txt.asc
|
||||
./gpg-tool.sh --encrypt secrets.txt
|
||||
./gpg-tool.sh --reencrypt .
|
||||
"
|
||||
}
|
||||
|
||||
function decrypt {
|
||||
FILE="$1"
|
||||
gpg --decrypt-files "$SCRIPT_PATH/$FILE"
|
||||
rm -r "$SCRIPT_PATH/$FILE"
|
||||
local FILE="$1"
|
||||
gpg --decrypt-files "${SCRIPT_PATH:?}/${FILE}"
|
||||
rm -r "${SCRIPT_PATH:?}/${FILE}"
|
||||
}
|
||||
|
||||
function view {
|
||||
FILE="$1"
|
||||
gpg --decrypt "$SCRIPT_PATH"/"$FILE" 2> /dev/null
|
||||
local FILE="$1"
|
||||
gpg --decrypt "${SCRIPT_PATH:?}/${FILE}" 2> /dev/null
|
||||
}
|
||||
|
||||
function import_keys {
|
||||
for i in ls "$SCRIPT_PATH"/keys/*.pub; do
|
||||
for i in ls "${SCRIPT_PATH:?}"/keys/*.pub; do
|
||||
gpg --import "$i" 2>&1 | head -1 | awk '{print $3}' | sed 's/.$//' > /dev/null
|
||||
done
|
||||
echo 'All keys have been imported'
|
||||
}
|
||||
|
||||
function get_recipients {
|
||||
for i in "$SCRIPT_PATH"/keys/*.pub; do
|
||||
for i in "${SCRIPT_PATH:?}"/keys/*.pub; do
|
||||
allKeys+="--recipient $(gpg --import "$i" 2>&1 | head -1 | awk '{print $3}' | sed 's/.$//') "
|
||||
done
|
||||
echo "$allKeys"
|
||||
}
|
||||
|
||||
function encrypt {
|
||||
local PUBKEYS
|
||||
PUBKEYS=$(get_recipients)
|
||||
FILE="$1"
|
||||
gpg --encrypt-files --trust-model always $PUBKEYS --armor "$FILE"
|
||||
local FILE="$1"
|
||||
gpg --encrypt-files --trust-model always "${PUBKEYS}" --armor "$FILE"
|
||||
}
|
||||
|
||||
function reencrypt {
|
||||
local PUBKEYS
|
||||
PUBKEYS=$(get_recipients)
|
||||
local CHECK_REMOVE
|
||||
local DIR="$1"
|
||||
local LIST_FILES_ASC
|
||||
local LIST_FILES
|
||||
|
||||
LIST_FILES_ASC=$(find "$SCRIPT_PATH/${DIR}/" -type f -name "*.asc")
|
||||
LIST_FILES=$(echo "${LIST_FILES_ASC}" | awk '{gsub(/\.asc$/,""); print}')
|
||||
|
||||
echo -e "List files for decrypt:\n${LIST_FILES_ASC}\n"
|
||||
read -r -p 'Decrypt files for future reencrypt. Are you sure (y/N): ' CHECK_DECRYPT
|
||||
if ! [ "${CHECK_DECRYPT}" == "y" ] || [ "${CHECK_DECRYPT}" == "Y" ]; then
|
||||
exit 1
|
||||
fi
|
||||
echo "${LIST_FILES_ASC}" | gpg --decrypt-files
|
||||
|
||||
echo -e "\n"
|
||||
read -r -p 'Reencrypt decrypted files. Are you sure (y/N): ' CHECK_REENCRYPT
|
||||
if [ "${CHECK_REENCRYPT}" == "y" ] || [ "${CHECK_REENCRYPT}" == "Y" ]; then
|
||||
echo "${LIST_FILES}" | gpg --encrypt-files --trust-model always "${PUBKEYS}" --armor --yes
|
||||
fi
|
||||
|
||||
echo -e "\nList decrypted files for remove:\n${LIST_FILES}\n"
|
||||
read -r -p 'Remove decrypted files. Are you sure (y/N): ' CHECK_REMOVE
|
||||
if [ "${CHECK_REMOVE}" == "y" ] || [ "${CHECK_REMOVE}" == "Y" ]; then
|
||||
echo "${LIST_FILES}" | xargs rm -f
|
||||
fi
|
||||
}
|
||||
|
||||
if [ $# = 0 ]; then
|
||||
@@ -70,6 +104,10 @@ case $1 in
|
||||
encrypt "$2"
|
||||
;;
|
||||
|
||||
-r | --reencrypt)
|
||||
reencrypt "$2"
|
||||
;;
|
||||
|
||||
-v | --view)
|
||||
view "$2"
|
||||
;;
|
||||
|
||||
Reference in New Issue
Block a user