# Positional arguments: $1 is the subcommand, $2 the file holding the secret.
# ${N:?msg} aborts with msg when the argument is unset or empty; the value of
# $1 is only checked here and thrown away into `_`.
_=${1:?Subcommand must be specified}
FILE_NAME=${2:?The secret must be specified}
# zsh `:t` modifier: keep only the last path component of FILE_NAME, so the
# name used inside the storage directory carries no directory part from $2.
SECRET_NAME=$FILE_NAME:t
# GPG recipient, taken from the environment. It is required for every
# subcommand although only _encrypt reads it.
RECEPIENT=${RECEPIENT:?GPG recepient must be specified through RECEPIENT env var}
# Storage directory: SECRETS_STORAGE from the environment, else ~/.secrets.
# These lines neither create the directory nor check its permissions.
DEFAULT_SECRETS_STORAGE="$HOME/.secrets"
SECRETS_STORAGE=${SECRETS_STORAGE:-$DEFAULT_SECRETS_STORAGE}
# Path of the encrypted secret: <storage>/<name>.gpg
SECRET_FILENAME="$SECRETS_STORAGE/$SECRET_NAME.gpg"
# NOTE(review): none of these assignments is local; if this file is sourced
# (the `source` subcommand exports into the current shell), they all remain
# set in the caller's session afterwards -- confirm that is acceptable.
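# Print an absolute path for $1: the directory part is made absolute by
# cd-ing into it and printing pwd, and the last component is appended as is.
# Arguments: $1 - path whose directory part exists
# Outputs:   the absolute path on stdout
# Returns:   non-zero, printing nothing, when the directory cannot be entered
# Note: while defined, this function shadows any realpath command on PATH.
function realpath {
  local dir
  # Quoted so a path containing whitespace stays one argument; `&&` so a
  # failed cd cannot make pwd report the caller's directory as the result.
  dir=$(cd -- "$(dirname -- "$1")" && pwd) || return 1
  printf '%s/%s\n' "$dir" "$(basename -- "$1")"
}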
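# Decrypt the stored secret and write the plaintext to stdout.
# Globals: SECRET_FILENAME (read)
# Outputs: plaintext on stdout; gpg's own messages are not silenced (no -q)
# Returns: gpg's exit status
function decrypt_to_out {
  # Quoted so the path stays one argument even when the shell running this
  # file splits unquoted expansions.
  gpg --decrypt "$SECRET_FILENAME"
}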
# Decrypt the secret and source the plaintext into the current shell, then
# mark the session with SESSION_SECRETS=true.
# Globals: SECRET_FILENAME (read, via decrypt_to_out); file and
#          SESSION_SECRETS (written; `file` is not declared local)
function _source_secrets {
# zsh-specific: =(decrypt_to_out) runs the command and expands to the name of
# a temporary file holding its output; ${file::=...} stores that name in
# `file` while the redirection is expanded, so `source $file` reads it.
# The plaintext therefore exists as a file while the command runs (zsh is
# expected to remove =(...) files afterwards -- confirm, and check where
# TMPPREFIX points).
# The decrypted text is executed as shell code. Encrypting to a recipient
# gives confidentiality only: nothing here requires the file to be signed,
# so whoever can write into the storage directory decides what gets sourced.
{source $file} 3<> ${file::==(decrypt_to_out)}
# NOTE(review): exported unconditionally, also when decryption failed and
# nothing was sourced -- confirm this is intended.
export SESSION_SECRETS=true
}
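# Decrypt the stored secret quietly (-q) and write the plaintext to stdout.
# Globals: SECRET_FILENAME (read)
# Outputs: plaintext on stdout, so it lands wherever the caller directs it
#          (terminal scrollback included)
# Returns: gpg's exit status
function _decrypt {
  # Quoted so the path stays one argument even when the shell running this
  # file splits unquoted expansions.
  gpg -q --decrypt "$SECRET_FILENAME"
}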
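# Encrypt FILE_NAME for RECEPIENT into the secrets storage, then delete the
# plaintext original.
# Globals: FILE_NAME, SECRET_NAME, SECRET_FILENAME, RECEPIENT (read)
# Returns: non-zero, leaving the plaintext in place, when the path cannot be
#          resolved or gpg fails; otherwise rm's exit status
function _encrypt {
  echo "Encrypting $SECRET_NAME as $SECRET_FILENAME"
  local file
  # Declared separately so a failing realpath is not masked by `local`.
  file=$(realpath "$FILE_NAME") || return 1
  # Refuse to go on unless the resolved path is the very file the caller
  # named: it is deleted below, so a mis-resolved path must not get that far.
  if [[ -z "$file" || ! "$file" -ef "$FILE_NAME" ]]; then
    echo "Cannot resolve $FILE_NAME" >&2
    return 1
  fi
  # --yes overwrites an existing $SECRET_FILENAME without asking.
  if ! gpg --batch --yes --output "$SECRET_FILENAME" --encrypt \
    --recipient "$RECEPIENT" "$file"; then
    # The plaintext is the only copy at this point; keep it.
    echo "Encryption failed, keeping $file" >&2
    return 1
  fi
  echo "Removing $file"
  # rm only unlinks the file: the plaintext blocks may stay recoverable on
  # disk, in snapshots or in backups until they are overwritten.
  rm -- "$file"
}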
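# Delete the stored (encrypted) secret.
# Globals: SECRET_FILENAME (read)
# Returns: rm's exit status
function _rm {
  # `--` and the quotes keep the path a single operand that rm cannot read
  # as an option.
  rm -- "$SECRET_FILENAME"
}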
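# Dispatch on the subcommand given as $1.
case "$1" in
  source)
    _source_secrets
    ;;
  decrypt)
    _decrypt
    ;;
  encrypt)
    _encrypt
    ;;
  rm)
    _rm
    ;;
  *)
    # Diagnostic goes to stderr and names every subcommand handled above
    # (the original text left out rm). Execution continues past esac.
    echo "Unknown subcommand $1. source, decrypt, encrypt or rm must be used" >&2
    ;;
esac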
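# Remove the helper functions so none of them stays defined in the shell
# that ran this file. Every helper defined above is listed, _encrypt included.
unfunction _decrypt
unfunction _encrypt
unfunction _source_secrets
unfunction _rm
unfunction decrypt_to_out
unfunction realpath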