Last active
August 30, 2023 09:14
-
-
Save theasp/665248e3070482e7fe07bc6d84d09a8c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| VAULT_PASSWORD_FILE=${VAULT_PASSWORD_FILE:-"vault-password.gpg"} | |
| GPG_ID=${GPG_ID:-$EMAIL} | |
| CMD=${1:-"--decrypt"} | |
| function wrap { | |
| echo FOLD | |
| fold -sw ${COLUMNS:-80} | |
| } | |
| case "$CMD" in | |
| -c|--change) | |
| GPG_ID=${2:-$GPG_ID} | |
| if [[ -z $VAULT_PASSWORD ]]; then | |
| read -sp 'New vault password: ' VAULT_PASSWORD | |
| echo | |
| fi | |
| gpg2 --armor --recipient "${GPG_ID}" --encrypt --output "$VAULT_PASSWORD_FILE" <(echo "$VAULT_PASSWORD") | |
| echo "Note, you need to use ansible-vault to use the same passphrase!" | |
| ;; | |
| --decrypt) | |
| if [[ $VAULT_PASSWORD ]]; then | |
| echo $VAULT_PASSWORD | |
| else | |
| if [[ -f "$VAULT_PASSWORD_FILE" ]]; then | |
| gpg2 --batch --use-agent --decrypt "$VAULT_PASSWORD_FILE" | |
| else | |
| echo "ERROR: Unable to find file $VAULT_PASSWORD_FILE, you can use --change to create one" 1>&2 | wrap | |
| exit 1 | |
| fi | |
| fi | |
| ;; | |
| *) | |
| echo "Usage: $0 [--change [gpgid]]" 2>&1 | |
| exit 1 | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment