mreschke · May 5, 2021 17:15
diff --git a/.secrets b/.secrets
 #!/bin/bash

 # .secrets (dot secrets) by mReschke 2017-10-02
 # Download to /usr/local/bin and chmod a+x
 # Then run .secrets to setup your first vault!
 # Latest gist: https://gist.github.com/mreschke/c0d60e6c81a787c64e61b8ec79c62143

 option="$1"
 vault="$2"
 path=~/.secrets
 vaults=$path/vaults
 folderName=${vault}Secrets
 folder=~/$folderName
 fileName=${vault}Secrets.tar.gz
 file=$path/$fileName

 function lockVault() {
    if [ "$vault" == "" ]; then
        notice "Please specify a vault to lock.  Example ${GREEN}.secrets lock My${DEFAULT}"
        echo
        listVaults
        exit 1
    fi
    user=${!vault}
    vaultExists
    if [ -e $folder ]; then
        header "Locking $folder to $file"
        echo

        # Backup and Remove .gpg file if exists
        if [ -e $file.gpg ]; then

            # Backup previous vault first
            backupFile=$path/backups/$(date '+%Y%m%d-%H%M%S')_${fileName}.gpg
            step "Backing up previous GPG vault to $backupFile before locking"
            cp -a $file.gpg $backupFile

            rm $file.gpg
        fi

        # Zip DotSecrets and remove
        step "Compressing $folder folder using TAR and GZ"
        echo
        cd ~ && tar -zcvf $file $folderName && rm -rf $folder
        echo
        step "Compression of vault to $file successful"

        # GPG Encrypt .secrets.tar.gz
        step "Encrypting $file using GPG"
        gpg --encrypt --recipient "$user" $file && rm $file
        step "Encryption of vault to $file.gpg successful"
        step "$vault vault locked!"
        echo
        info "Done!"
    else
        if [ -e $file.gpg ]; then
            notice "$vault vault is already locked"
            info "  - ${BLUE}$folder${DEFAULT} not found while ${BLUE}$file.gpg${DEFAULT} exists -"
        else
            error "$vault vault not found (no $file.gpg)"
        fi
    fi
 }

 function unlockVault() {
    if [ "$vault" == "" ]; then
        notice "Please specify a vault to unlock.  Example ${GREEN}.secrets unlock My${DEFAULT}"
        echo
        listVaults
        exit 1
    fi
    user=${!vault}
    vaultExists
    if [ -e $folder ]; then
        notice "$vault vault is already unlocked"
        info "  - Folder ${BLUE}$folder${DEFAULT} exists -"
    else
        if [ -e $file.gpg ]; then
            header "Unlocking $file.gpg into $folder"
            echo

            # GPG Decrypt .secrets.tar.gz.gpg
            step "Decrypting $file.gpg using GPG"
            gpg --decrypt --output $file $file.gpg
            step "Decryption of vault to $file successful"

            # Unzip .secrets.tar.gz into DotSecrets
            step "Decompressing $file using TAR and GZ"
            mv $file ~
            cd ~ && tar -xf $fileName && rm $fileName
            step "Decompression of vault into $folder successful"
            step "$vault vault unlocked!"
            echo
            notice "Be careful as folder is in plain text."
            info "Remember to lock the vault when done using ${GREEN}.secrets lock $vault${DEFAULT}"
            echo
            info "Done!"
        else
            notice "$vault vault not found (no $file.gpg)"
        fi
    fi
 }

 function listVaults() {
    header "Vaults list from $vaults config file"
    cat $vaults
 }

 function createVault() {
    if [ "$vault" == "" ]; then
        notice "Please specify a vault to create.  Example: ${GREEN}.secrets create My${DEFAULT}"
        exit 1
    fi

    header "Creating $vault vault"

    echo
    info "This .secrets app utilizes GPG to encrypt your vault."
    info "You must have a GPG key already setup prior to locking and unlocking .secret vaults."
    echo
    header "Existing GPG users from gpg --list-keys"
    gpg --list-keys
    echo
    
    read -p "GPG USER-ID (ex [email protected]): " user

    gpgUser=$(gpg --list-keys | grep uid | grep "$user")
    if [ "$gpgUser" == "" ]; then
        echo 
        notice "No GPG user '$user' found.  Please configure GPG with the proepr user and try again."
        exit 1
    fi

    echo "$vault=$user" >> $vaults
    folder=~/${vault}Secrets
    echo
    step "Creating vault folder $folder"
    mkdir -p $folder
    step "$vault vault created!"
    echo
    info "Your new vault is open (unlocked)."
    info "Add files to ${BLUE}$folder${DEFAULT} then run ${GREEN}.secrets lock $vault${DEFAULT} to encrypt it."
    info "Actual gpg encrypted .tar.gz vault file lives in ${LIGHTBLUE}$file.gpg${DEFAULT}"
    echo
    info "Done!"
 }

 function usage() {
 echo ".secrets (dotsecrets) GPG encrypted folders
 Copyright (C) 2017 mReschke.com
 This program may be freely redistributed under the terms of the MIT license.

 A valid GPG user is required to use .secrets. Read about and configure GPG first.
 Encrypted .tar.gz.gpg vault files and configs are stored in $path
 Unlocked vaults are stored in your home (~) directory with a 'Secrets' postfix, ie: MySecrets

 Examples:
    .secrets create My     - Create new vault named My
    .secrets vaults        - List all vaults
    .secrets unlock My     - Unlock vault named My
    .secrets lock My       - Lock vault named My
    .secrets gpg-help      - A small GPG cheatsheet
 "
 }

 function vaultExists() {
    if [ "$user" == "" ]; then
        notice "$vault vault not found"
        echo
        listVaults
        exit 1
    fi
 }

 function gpgHelp() {
    header "GPG Quick Cheatsheet"
    info "gpg --list-keys"
 }

 function init() {
    if [ ! -e $path ]; then
        # Config not found, first time setup
        mkdir -p $path
        mkdir -p $path/backups
        echo "# Your .secret vaults and their GPG user accounts" >> $vaults
    fi

    # Source our config file
    if [ -e $vaults ]; then
        source $vaults
    fi

    # Bash Colors
    DEFAULT="\033[0;0m"
    BLUE="\033[0;34m"
    GREEN="\033[0;32m"
    CYAN="\033[0;36m"
    RED="\033[0;31m"
    PURPLE="\033[0;35m"
    BROWN="\033[0;33m"
    LIGHTGRAY="\033[0;37m"
    DARKGRAY="\033[1;30m"
    LIGHTBLUE="\033[1;34m"
    LIGHTGREEN="\033[1;32m"
    LIGHTCYAN="\033[1;36m"
    LIGHTRED="\033[1;31m"
    LIGHTPURPLE="\033[1;35m"
    YELLOW="\033[1;33m"
    WHITE="\033[1;37m"
 }

 function header() {
    echo -e "${YELLOW}:: ${GREEN}$1 ${YELLOW}::${DEFAULT}"
 }

 function log() {
    echo -e "${DEFAULT}$1"
 }

 function info() {
    echo -e "${WHITE}$1${DEFAULT}"
 }

 function step() {
    echo -e "${BLUE}* ${DARKGRAY}$1${DEFAULT}"
 }

 function error() {
    echo -e "${LIGHTRED}ERROR: ${RED}$1${DEFAULT}"
    echo
 }

 function notice() {
    echo -e "${YELLOW}NOTICE: ${BROWN}$1${DEFAULT}"
 }




 # --------------------------------------------------------------
 init
 if [ "$option" == "unlock" ]; then
    unlockVault
 elif [ "$option" == "lock" ]; then
    lockVault
 elif [ "$option" == "vaults" ]; then
    listVaults
 elif [ "$option" == "create" ]; then
    createVault
 elif [ "$option" == "gpg-help" ]; then
    gpgHelp
 else
    usage
 fi
	#!/bin/bash

	# .secrets (dot secrets) by mReschke 2017-10-02
	# Download to /usr/local/bin and chmod a+x
	# Then run .secrets to setup your first vault!
	# Latest gist: https://gist.github.com/mreschke/c0d60e6c81a787c64e61b8ec79c62143

	option="$1"
	vault="$2"
	path=~/.secrets
	vaults=$path/vaults
	folderName=${vault}Secrets
	folder=~/$folderName
	fileName=${vault}Secrets.tar.gz
	file=$path/$fileName

	function lockVault() {
	if [ "$vault" == "" ]; then
	notice "Please specify a vault to lock. Example ${GREEN}.secrets lock My${DEFAULT}"
	echo
	listVaults
	exit 1
	fi
	user=${!vault}
	vaultExists
	if [ -e $folder ]; then
	header "Locking $folder to $file"
	echo

	# Backup and Remove .gpg file if exists
	if [ -e $file.gpg ]; then

	# Backup previous vault first
	backupFile=$path/backups/$(date '+%Y%m%d-%H%M%S')_${fileName}.gpg
	step "Backing up previous GPG vault to $backupFile before locking"
	cp -a $file.gpg $backupFile

	rm $file.gpg
	fi

	# Zip DotSecrets and remove
	step "Compressing $folder folder using TAR and GZ"
	echo
	cd ~ && tar -zcvf $file $folderName && rm -rf $folder
	echo
	step "Compression of vault to $file successful"

	# GPG Encrypt .secrets.tar.gz
	step "Encrypting $file using GPG"
	gpg --encrypt --recipient "$user" $file && rm $file
	step "Encryption of vault to $file.gpg successful"
	step "$vault vault locked!"
	echo
	info "Done!"
	else
	if [ -e $file.gpg ]; then
	notice "$vault vault is already locked"
	info " - ${BLUE}$folder${DEFAULT} not found while ${BLUE}$file.gpg${DEFAULT} exists -"
	else
	error "$vault vault not found (no $file.gpg)"
	fi
	fi
	}

	function unlockVault() {
	if [ "$vault" == "" ]; then
	notice "Please specify a vault to unlock. Example ${GREEN}.secrets unlock My${DEFAULT}"
	echo
	listVaults
	exit 1
	fi
	user=${!vault}
	vaultExists
	if [ -e $folder ]; then
	notice "$vault vault is already unlocked"
	info " - Folder ${BLUE}$folder${DEFAULT} exists -"
	else
	if [ -e $file.gpg ]; then
	header "Unlocking $file.gpg into $folder"
	echo

	# GPG Decrypt .secrets.tar.gz.gpg
	step "Decrypting $file.gpg using GPG"
	gpg --decrypt --output $file $file.gpg
	step "Decryption of vault to $file successful"

	# Unzip .secrets.tar.gz into DotSecrets
	step "Decompressing $file using TAR and GZ"
	mv $file ~
	cd ~ && tar -xf $fileName && rm $fileName
	step "Decompression of vault into $folder successful"
	step "$vault vault unlocked!"
	echo
	notice "Be careful as folder is in plain text."
	info "Remember to lock the vault when done using ${GREEN}.secrets lock $vault${DEFAULT}"
	echo
	info "Done!"
	else
	notice "$vault vault not found (no $file.gpg)"
	fi
	fi
	}

	function listVaults() {
	header "Vaults list from $vaults config file"
	cat $vaults
	}

	function createVault() {
	if [ "$vault" == "" ]; then
	notice "Please specify a vault to create. Example: ${GREEN}.secrets create My${DEFAULT}"
	exit 1
	fi

	header "Creating $vault vault"

	echo
	info "This .secrets app utilizes GPG to encrypt your vault."
	info "You must have a GPG key already setup prior to locking and unlocking .secret vaults."
	echo
	header "Existing GPG users from gpg --list-keys"
	gpg --list-keys
	echo

	read -p "GPG USER-ID (ex [email protected]): " user

	gpgUser=$(gpg --list-keys \| grep uid \| grep "$user")
	if [ "$gpgUser" == "" ]; then
	echo
	notice "No GPG user '$user' found. Please configure GPG with the proepr user and try again."
	exit 1
	fi

	echo "$vault=$user" >> $vaults
	folder=~/${vault}Secrets
	echo
	step "Creating vault folder $folder"
	mkdir -p $folder
	step "$vault vault created!"
	echo
	info "Your new vault is open (unlocked)."
	info "Add files to ${BLUE}$folder${DEFAULT} then run ${GREEN}.secrets lock $vault${DEFAULT} to encrypt it."
	info "Actual gpg encrypted .tar.gz vault file lives in ${LIGHTBLUE}$file.gpg${DEFAULT}"
	echo
	info "Done!"
	}

	function usage() {
	echo ".secrets (dotsecrets) GPG encrypted folders
	Copyright (C) 2017 mReschke.com
	This program may be freely redistributed under the terms of the MIT license.

	A valid GPG user is required to use .secrets. Read about and configure GPG first.
	Encrypted .tar.gz.gpg vault files and configs are stored in $path
	Unlocked vaults are stored in your home (~) directory with a 'Secrets' postfix, ie: MySecrets

	Examples:
	.secrets create My - Create new vault named My
	.secrets vaults - List all vaults
	.secrets unlock My - Unlock vault named My
	.secrets lock My - Lock vault named My
	.secrets gpg-help - A small GPG cheatsheet
	"
	}

	function vaultExists() {
	if [ "$user" == "" ]; then
	notice "$vault vault not found"
	echo
	listVaults
	exit 1
	fi
	}

	function gpgHelp() {
	header "GPG Quick Cheatsheet"
	info "gpg --list-keys"
	}

	function init() {
	if [ ! -e $path ]; then
	# Config not found, first time setup
	mkdir -p $path
	mkdir -p $path/backups
	echo "# Your .secret vaults and their GPG user accounts" >> $vaults
	fi

	# Source our config file
	if [ -e $vaults ]; then
	source $vaults
	fi

	# Bash Colors
	DEFAULT="\033[0;0m"
	BLUE="\033[0;34m"
	GREEN="\033[0;32m"
	CYAN="\033[0;36m"
	RED="\033[0;31m"
	PURPLE="\033[0;35m"
	BROWN="\033[0;33m"
	LIGHTGRAY="\033[0;37m"
	DARKGRAY="\033[1;30m"
	LIGHTBLUE="\033[1;34m"
	LIGHTGREEN="\033[1;32m"
	LIGHTCYAN="\033[1;36m"
	LIGHTRED="\033[1;31m"
	LIGHTPURPLE="\033[1;35m"
	YELLOW="\033[1;33m"
	WHITE="\033[1;37m"
	}

	function header() {
	echo -e "${YELLOW}:: ${GREEN}$1 ${YELLOW}::${DEFAULT}"
	}

	function log() {
	echo -e "${DEFAULT}$1"
	}

	function info() {
	echo -e "${WHITE}$1${DEFAULT}"
	}

	function step() {
	echo -e "${BLUE}* ${DARKGRAY}$1${DEFAULT}"
	}

	function error() {
	echo -e "${LIGHTRED}ERROR: ${RED}$1${DEFAULT}"
	echo
	}

	function notice() {
	echo -e "${YELLOW}NOTICE: ${BROWN}$1${DEFAULT}"
	}




	# --------------------------------------------------------------
	init
	if [ "$option" == "unlock" ]; then
	unlockVault
	elif [ "$option" == "lock" ]; then
	lockVault
	elif [ "$option" == "vaults" ]; then
	listVaults
	elif [ "$option" == "create" ]; then
	createVault
	elif [ "$option" == "gpg-help" ]; then
	gpgHelp
	else
	usage
	fi