GPG encrypted journal

Rakefile

# frozen_string_literal: true

GPG_KEYIDS = ['YOUR_GPG_KEY_ID']
GPG_RECIPIENTS = GPG_KEYIDS.reduce(String.new) { |str, key| str << "--recipient #{key}" }
DECRYPTED_DIR = File.expand_path('./decrypted')
ENCRYPTED_TAR = File.expand_path('./encrypted.tar.gpg')
ARCHIVE_DIR = File.expand_path('./archive')

desc 'setup encrypted folder'
task :setup do
  mkdir_p DECRYPTED_DIR
  mkdir_p ARCHIVE_DIR
  touch File.join(DECRYPTED_DIR, 'test')
  Rake::Task['close'].invoke
end

desc 'decrypt files'
task :open do
  abort "#{DECRYPTED_DIR} exists. Is the encrypted dir already open?" if Dir.exist?(DECRYPTED_DIR)

  mkdir DECRYPTED_DIR
  sh "gpg --decrypt #{ENCRYPTED_TAR} | tar xf - -C #{DECRYPTED_DIR}"
end

desc 'encrypt files and cleanup'
task :close do
  rm ENCRYPTED_TAR if File.exist?(ENCRYPTED_TAR)
  sh "tar -cf - --directory #{DECRYPTED_DIR} . | gpg --batch --encrypt #{GPG_RECIPIENTS} > #{ENCRYPTED_TAR}"
  sh "find #{DECRYPTED_DIR} -type f | xargs -I FILE shred -u FILE"
  rm_rf DECRYPTED_DIR
  timestamp = Time.now.getutc.strftime('%Y%m%dT%H%M')
  cp ENCRYPTED_TAR, File.join(ARCHIVE_DIR, "#{timestamp}.tar.gpg")
end