@CodeArtha
Last active February 28, 2018 17:32
Script for making a new commit after encrypting sensitive files so that people accessing the repo can't see them if they're not supposed to.
#!/bin/dash
# Count the files in the current directory and its subdirectories that have a given extension.
PASS=$(find . -type f -name "*.pass" | wc -l)
ASC0=$(find . -type f -name "*.asc" | wc -l)
if [ "$PASS" -ne 0 ]; then
    # We use gpg to encrypt, for ourselves, any file that contains passwords, if it isn't encrypted already.
    # As a convention in this repository, I name all files I want to encrypt with the .pass extension.
    # The encrypted version of said files will have the .pass.asc extension.
    find . -type f -name "*.pass" | gpg --yes --armor -r codeartha@gmail.com -r william@arsac.net --encrypt-files
fi
# Count the .asc files again, now that encryption has run.
ASC1=$(find . -type f -name "*.asc" | wc -l)
ASC=$((ASC1 - ASC0))
# Check that every unencrypted file yielded an encrypted one before deleting the unencrypted version.
if [ "$ASC" -eq "$PASS" ]; then
    echo "[INFO] Password files encrypted correctly."
    echo "[INFO] Deleting .pass files after encryption..."
    # Delete the plaintext files after encryption.
    # find . -type f -name "*.pass" | shred -u   # doesn't work, need to use the -exec form
    # Note: shred only removes the working-tree copy; a .pass file committed earlier stays in the Git history.
    find . -type f -name "*.pass" -exec shred -u {} ';'
    # Check that they all got deleted, then commit.
    PASS=$(find . -type f -name "*.pass" | wc -l)
    if [ "$PASS" -eq 0 ]; then
        echo "[INFO] All sensitive files deleted."
        # This commit needs a comment. We check if one is passed by argument, else we ask for one.
        if [ $# -eq 0 ]; then
            echo "Comment for this commit: "
            read -r COMMENT
        else
            COMMENT=$1
        fi
        # Make a new commit using the specified comment.
        git add .
        git commit -m "$COMMENT"
        echo "[INFO] Done."
    else
        echo "[ERROR] Failed to delete all .pass files." >&2
        echo "[INFO] Aborting!" >&2
        exit 1
    fi
else
    echo "[ERROR] Number of encrypted and unencrypted files do not match." >&2
    echo "[INFO] Aborting!" >&2
    exit 1
fi
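
The script above compares totals of `.pass` and new `.asc` files before shredding. The block below is an added example, not part of the original gist: it checks each `.pass` file individually for a non-empty, ASCII-armored `.pass.asc` sibling that is not older than the plaintext. The function names `missing_ciphertext` and `all_pass_files_covered` are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the gist. Function names are hypothetical.

# missing_ciphertext DIR
#   Prints, one per line, every *.pass file under DIR that does NOT have a
#   usable sibling <name>.pass.asc. Prints nothing when every file is covered.
#   "Usable" means: the file exists, is non-empty, starts with the header that
#   gpg --armor writes, and is not older than the plaintext it belongs to.
#   Assumption: file names contain no newline characters.
missing_ciphertext() {
    dir=${1:-.}
    find "$dir" -type f -name '*.pass' | while IFS= read -r plain; do
        enc="$plain.asc"
        if [ ! -s "$enc" ]; then
            # No ciphertext next to the plaintext, or an empty file.
            printf '%s\n' "$plain"
        elif [ "$(head -n 1 "$enc")" != '-----BEGIN PGP MESSAGE-----' ]; then
            # Something is there, but it is not armored gpg output.
            printf '%s\n' "$plain"
        elif [ -n "$(find "$plain" -newer "$enc")" ]; then
            # Plaintext was modified after the ciphertext was written.
            printf '%s\n' "$plain"
        fi
    done
}

# all_pass_files_covered DIR
#   Exit status 0 only when missing_ciphertext reports nothing, so it can
#   gate the shred step:  all_pass_files_covered . || exit 1
all_pass_files_covered() {
    [ -z "$(missing_ciphertext "$1")" ]
}
```

Unlike the count comparison, this is not satisfied by an unrelated `.asc` file appearing elsewhere in the tree, and it flags a `.pass` file that was edited after its last encryption.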
@CodeArtha

Author

Intended to be used together with this script: https://gist.github.com/CodeArtha/a77caaff4bd6d054acf6265c163e2cdb
because if there are already other .asc files in the directory that were previously or manually encrypted, it will error out.

@CodeArtha

Author

EDIT: solved errors when there is a mix of .asc and .pass before using this script. I also added a lot more log information about errors.

@CodeArtha

Author

TODO: make it also work with files that have another extension than .pass but contain a certain string like "codeartha.git.secure"
