Created
April 24, 2015 16:22
An example of how we encrypt our settings files with an OpenSSL cert
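#!/bin/bash
# Encrypt a settings file to the deployment certificate and place the
# PEM-encoded PKCS#7 result on the clipboard.
#
# Usage:    $0 <config>
# Requires: openssl, pbcopy (macOS), and the recipient certificate at
#           conf/encrypt.crt, resolved relative to the current directory.
# Only the certificate (public half) is needed here; the matching private
# key stays on the machine that decrypts.

if [ -z "$1" ]; then
  echo "No configuration specified. Usage: $0 <config>" >&2
  exit 1
fi

CONFIG=$1
KEYFILE=conf/encrypt.crt

if [ ! -r "$CONFIG" ]; then
  echo "Cannot read configuration file: $CONFIG" >&2
  exit 1
fi

if [ ! -r "$KEYFILE" ]; then
  echo "Cannot read certificate: $KEYFILE" >&2
  exit 1
fi

# Capture the output before touching the clipboard. Piping openssl straight
# into pbcopy hides an openssl failure (the pipeline reports pbcopy's status)
# and would announce success with an empty clipboard.
if ! payload=$(openssl smime -encrypt -aes256 -binary -outform PEM \
    -in "$CONFIG" \
    "$KEYFILE"); then
  echo "Encryption failed; clipboard left unchanged" >&2
  exit 1
fi

# The output is PEM text, so holding it in a variable is safe; printf puts
# back the trailing newline that command substitution strips.
if ! printf '%s\n' "$payload" | pbcopy; then
  echo "Could not copy the encrypted payload to the clipboard" >&2
  exit 1
fi

echo "Encrypted payload copied to your clipboard"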
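#!/bin/bash
# Instance bootstrap: write the embedded PKCS#7 payload to disk, decrypt it
# with the private key already present on the box, and leave the plaintext
# settings readable by ec2-user only.
# NOTE(review): the `sudo -u ec2-user` call suggests this runs as root
# (for example as EC2 user data) -- confirm against how it is launched.

SECURE_FILE=/home/ec2-user/settings.enc
DESTINATION=/home/ec2-user/settings.properties
# Private key matching the certificate used on the encrypting side. It must
# be readable by ec2-user; keep it at mode 0600, since anyone who can read it
# can decrypt every payload produced for this environment.
KEY_FILE=/home/ec2-user/decrypt.pem

cd /home/ec2-user || exit 1

# Record the instance ID in the login profile. The heredoc delimiter is
# unquoted, so the lookup runs now and the literal ID is what gets written.
# This is an unauthenticated (IMDSv1-style) GET; on instances that require
# IMDSv2 session tokens it returns nothing and INSTANCE_ID ends up empty.
cat <<EOF >> /home/ec2-user/.bash_profile
export INSTANCE_ID=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
EOF

# Write the encrypted payload. Truncate rather than append: a file left over
# from an earlier run would otherwise gain a second PKCS7 block.
cat <<EOF > "$SECURE_FILE"
-----BEGIN PKCS7-----
[ENCRYPTED_PAYLOAD_HERE]
-----END PKCS7-----
EOF

# Create the destination as ec2-user with mode 0600 before decrypting, so the
# plaintext is never on disk with the default, typically world-readable, mode.
if ! sudo -u ec2-user install -m 600 /dev/null "$DESTINATION"; then
  echo "Could not create $DESTINATION" >&2
  rm -f -- "$SECURE_FILE"
  exit 1
fi

# Decrypt our file (using the box's private key)
status=0
sudo -u ec2-user openssl smime -decrypt -inform PEM -binary \
  -in "$SECURE_FILE" -inkey "$KEY_FILE" -out "$DESTINATION" || status=$?

# The ciphertext is no longer needed whether or not decryption worked.
rm -f -- "$SECURE_FILE"

if [ "$status" -ne 0 ]; then
  # Do not leave an empty or partial settings file for the application to load.
  rm -f -- "$DESTINATION"
  echo "Decryption of settings failed (openssl exit status $status)" >&2
  exit "$status"
fi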
A little snippet to get you started with the CLI tools