Last active
April 9, 2017 04:21
-
-
Save niklio/ff47e887746e5ff671e562364bac58f6 to your computer and use it in GitHub Desktop.
Shell scripts for encrypting and decrypting environment variables so you can add them to version control
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
parent () | |
{ | |
if [[ "$OSTYPE" == "darwin"* ]]; | |
then | |
command -v greadlink >/dev/null 2>&1 || { echo >&2 "Missing dependency: greadlink. Aborting."; exit 1; } | |
echo "$( greadlink -f "$1" )"; | |
else | |
command -v readlink >/dev/null 2>&1 || { echo >&2 "Missing dependency: readlink. Aborting."; exit 1; } | |
echo "$( readlink -f "$1" )"; | |
fi | |
} | |
# Set django base dir | |
DJANGO_BIN_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"; | |
DJANGO_BASE_DIR="$( parent "$DJANGO_BIN_DIR/.." )"; | |
uncipher () | |
{ | |
echo Decrypting $1 into $2; | |
CIPHER_PATH=$DJANGO_BASE_DIR/conf/$1; | |
PLAIN_PATH=$DJANGO_BASE_DIR/conf/$2; | |
openssl aes-256-cbc -d -in $CIPHER_PATH -out $PLAIN_PATH -k $KEY; | |
} | |
for CONF_CIPHER_PATH in $DJANGO_BASE_DIR/conf/*; | |
do | |
CONF_CIPHER_FILENAME="$( echo $CONF_CIPHER_PATH | rev | cut -d"/" -f1 | rev )"; | |
if [[ -f $CONF_CIPHER_PATH && "$( echo $CONF_CIPHER_FILENAME | grep \w*\.cipher )" != "" ]]; | |
then | |
CONF_PLAIN_FILENAME="$( echo $CONF_CIPHER_FILENAME | sed -r --posix s/\(\w*\)\.cipher/$1.env/ )"; | |
uncipher $CONF_CIPHER_FILENAME $CONF_PLAIN_FILENAME; | |
fi | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Macos readlink is for some reason called greadlink | |
parent () | |
{ | |
if [[ "$OSTYPE" == "darwin"* ]]; | |
then | |
command -v greadlink >/dev/null 2>&1 || { echo >&2 "Missing dependency: greadlink. Aborting."; exit 1; } | |
echo "$( greadlink -f "$1" )"; | |
else | |
command -v readlink >/dev/null 2>&1 || { echo >&2 "Missing dependency: readlink. Aborting."; exit 1; } | |
echo "$( readlink -f "$1" )"; | |
fi | |
} | |
# Set django base dir | |
DJANGO_BIN_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"; | |
DJANGO_BASE_DIR="$( parent "$DJANGO_BIN_DIR/.." )"; | |
# Cipher plain env file into a cipher file | |
# Args: | |
# $1: filename of plain environment config | |
# $2: desired filename for ciphered environment config | |
# Returns: | |
# void | |
cipher () | |
{ | |
echo Encrypting $1 into $2; | |
PLAIN_PATH=$DJANGO_BASE_DIR/conf/$1; | |
CIPHER_PATH=$DJANGO_BASE_DIR/conf/$2; | |
yes | openssl aes-256-cbc -e -in $PLAIN_PATH -out $CIPHER_PATH -k $KEY; | |
} | |
for CONF_PLAIN_PATH in $DJANGO_BASE_DIR/conf/*; | |
do | |
CONF_PLAIN_FILENAME="$( echo $CONF_PLAIN_PATH | rev | cut -d"/" -f1 | rev )"; | |
if [[ -f $CONF_PLAIN_PATH && "$( echo $CONF_PLAIN_FILENAME | grep \w*\.env )" != "" ]]; | |
then | |
CONF_CIPHER_FILENAME="$( echo $CONF_PLAIN_FILENAME | sed -r --posix s/\(\w*\)\.env/$1.cipher/ )"; | |
cipher $CONF_PLAIN_FILENAME $CONF_CIPHER_FILENAME; | |
fi | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment