chore: adds secrets
@@ -1,22 +1,9 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Check for unencrypted files in .ssh/config.d/
|
||||
unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")
|
||||
|
||||
if [ -n "$unencrypted_files" ]; then
|
||||
staged_files=$(git diff --cached --name-only)
|
||||
unencrypted_staged_files=""
|
||||
for file in $unencrypted_files; do
|
||||
if [[ $staged_files == *"$file"* ]]; then
|
||||
unencrypted_staged_files="$unencrypted_staged_files $file"
|
||||
fi
|
||||
done
|
||||
|
||||
# If any unencrypted files are staged, exit with a non-zero status
|
||||
if [ -n "$unencrypted_staged_files" ]; then
|
||||
echo ""
|
||||
echo "Error: Unencrypted files are staged for commit!"
|
||||
echo "Use 'dotf secrets encrypt' to encrypt them before committing."
|
||||
exit 1
|
||||
fi
|
||||
# Check if there are files under secrets/ directory that don't end with .gpg that are staged
|
||||
if git diff --cached --name-only | grep -q 'secrets/'; then
|
||||
if git diff --cached --name-only | grep -v '\.gpg$' | grep -q 'secrets/'; then
|
||||
echo "ERROR: You have unencrypted files under secrets/ directory. Please encrypt them before committing."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
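Review bot: The staged-file check `git diff --cached --name-only | grep -v '\.gpg$' | grep -q 'secrets/'` has two gaps. It lists deleted paths too, so staging the removal of a plaintext file under secrets/ is rejected, and `'secrets/'` is unanchored, so any path that merely contains that string trips it; `git diff --cached --name-only --diff-filter=ACMR | grep -v '\.gpg$' | grep -q '^secrets/'` covers both, assuming secrets/ sits at the repository root. From the hunk counts (22 lines before, 9 after) the config/ssh/config.d check appears to be on the removed side, which would leave plaintext SSH config fragments unguarded by this hook; if those files can still hold sensitive host data, the check is worth keeping. The outer `grep -q 'secrets/'` test is redundant with the inner one and could be dropped.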
@@ -56,6 +56,30 @@ else
|
||||
exit 1
|
||||
fi
|
||||
|
||||
encrypt_folder() {
|
||||
for file in $1/*; do
|
||||
# Skip if current file is a .gpg file
|
||||
if [[ $file == *.gpg ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# If file is actually a folder, call this function recursively
|
||||
if [[ -d $file ]]; then
|
||||
printfe "%s\n" "cyan" "Encrypting folder $file..."
|
||||
encrypt_folder $file
|
||||
continue
|
||||
fi
|
||||
|
||||
# If the file has a accompanying .gpg file, remove it
|
||||
if [[ -f $file.gpg ]]; then
|
||||
rm $file.gpg
|
||||
fi
|
||||
|
||||
printfe "%s\n" "cyan" "Encrypting $file..."
|
||||
gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
# Do the same for files under $HOME/dotfiles/secrets/ (These can be any file type, not just .conf so keep the extension)
|
||||
if [[ "$2" == "decrypt" ]]; then
|
||||
@@ -71,17 +95,5 @@ elif [[ "$2" == "encrypt" ]]; then
|
||||
printfe "%s\n" "cyan" "Encrypting secrets..."
|
||||
echo -en '\r'
|
||||
|
||||
for file in $HOME/dotfiles/secrets/*; do
|
||||
# Skip if current file is a .gpg file
|
||||
if [[ $file == *.gpg ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# If the file has a accompanying .gpg file, remove it
|
||||
if [[ -f $file.gpg ]]; then
|
||||
rm $file.gpg
|
||||
fi
|
||||
|
||||
gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
|
||||
done
|
||||
encrypt_folder $HOME/dotfiles/secrets
|
||||
fi
|
||||
|
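Review bot: The gpg call at the end of the `encrypt_folder` loop passes the passphrase as `--passphrase="$password"`, which puts it in the process argument list where other local users can read it while gpg runs. Feeding it on a descriptor keeps it out of argv: `printf '%s' "$password" | gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase-fd 0 --output "$file.gpg" -- "$file"` (GnuPG 2.1 and later may also need `--pinentry-mode loopback`). That line, `for file in $1/*`, `rm $file.gpg` and `encrypt_folder $file` all leave their expansions unquoted, so a path containing whitespace is split into several words; `"$1"/*`, `"$file.gpg"` and `"$file"` avoid that. The `rm` ahead of gpg looks redundant given `--yes`, and because gpg's exit status is never checked, a failed run leaves the file with no ciphertext and no error reported.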