#!/usr/bin/env sh
# Strict mode for everything below:
#   -e  exit as soon as a command fails outside a condition
#   -u  treat expansion of an unset variable as an error
#   -f  disable pathname expansion, so file arguments are never globbed
set -euf
# Print the help text for `helm secrets encrypt` on stdout.
#
# The here-document delimiter is quoted so the text is emitted literally;
# nothing in it is meant to be expanded by the shell.
#
# NOTE(review): the text says an already encrypted file is handled by
# encrypting a decrypted copy, but encrypt_helper in this file aborts with
# 'Already encrypted' in that case. Confirm which behaviour is intended
# before changing either side.
enc_usage() {
    cat <<'EOF'
helm secrets [ OPTIONS ] encrypt [ -i ] <path to file>
Encrypt secrets
It uses your gpg credentials to encrypt .yaml file. If the file is already
encrypted, look for a decrypted file and encrypt that to .yaml.
This allows you to first decrypt the file, edit it, then encrypt it again.
You can use plain sops to encrypt - https://github.com/getsops/sops
Example:
$ helm secrets encrypt <SECRET_FILE_PATH>
$ git add <SECRET_FILE_PATH>
$ git commit
$ git push
EOF
}
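# Encrypt one file through the configured backend.
#
# Arguments:
#   $1 - path to the plaintext file
#   $2 - "true" to pass the file's own name as the output target (in-place),
#        anything else passes an empty output name to the backend
# Side effects:
#   Changes the working directory to the file's directory and leaves it
#   there. Sets the globals dir, filename, inline and output (POSIX sh has
#   no local variables).
# Relies on fatal, backend_is_file_encrypted and backend_encrypt_file, which
# are defined outside this file; fatal is presumed not to return.
encrypt_helper() {
    # `--` ends option parsing, so a path that begins with "-" is treated as
    # an operand instead of making dirname/basename fail on an unknown option.
    dir=$(dirname -- "$1")
    filename=$(basename -- "$1")
    inline="$2"

    # Clear CDPATH for this one call. With CDPATH set in the caller's
    # environment, a relative directory is looked up there first, so cd could
    # land in a different directory that happens to hold a file with the same
    # name, and that file would be the one encrypted.
    CDPATH='' cd -- "$dir"

    if [ ! -f "${filename}" ]; then
        fatal 'File does not exist: %s' "${dir}/${filename}"
    fi

    if [ "${inline}" = "true" ]; then
        output="${filename}"
    else
        output=""
    fi

    # Refuse to encrypt a second time rather than wrapping ciphertext again.
    if backend_is_file_encrypted "${filename}"; then
        fatal 'Already encrypted: %s' "${filename}"
    fi

    backend_encrypt_file "yaml" "${filename}" "${output}"
}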
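# Entry point for `helm secrets encrypt [ -i ] <path to file>`.
#
# Arguments:
#   -i    encrypt in place (forwarded to encrypt_helper as "true")
#   path  file to encrypt; only the first non-option argument is used
# Sets the globals inline, argc, j and filepath.
# Relies on is_help and fatal, which are defined outside this file; fatal is
# presumed not to return.
encrypt() {
    # The script runs under `set -u`, so touching "$1" with no arguments
    # would kill the shell with a bare "parameter not set" error. Report the
    # missing operand explicitly instead.
    if [ $# -eq 0 ]; then
        enc_usage >&2
        fatal 'Missing argument: <path to file>'
    fi

    if is_help "$1"; then
        enc_usage
        return
    fi

    inline=false

    # Walk the original arguments exactly once: "-i" is consumed, every other
    # argument is re-appended, so afterwards "$@" holds only the operands in
    # their original order.
    argc=$#
    j=0
    while [ "$j" -lt "$argc" ]; do
        case "$1" in
        -i)
            inline=true
            ;;
        *)
            set -- "$@" "$1"
            ;;
        esac

        shift
        j=$((j + 1))
    done

    # Only options were given (for example just "-i"): nothing to encrypt.
    if [ $# -eq 0 ]; then
        fatal 'Missing argument: <path to file>'
    fi

    filepath="$1"

    if [ ! -f "${filepath}" ]; then
        fatal 'File does not exist: %s' "${filepath}"
    fi

    encrypt_helper "${filepath}" "${inline}"
}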