feat: adds secrets
Signed-off-by: Menno van Leeuwen <menno@vleeuwen.me>
This commit is contained in:
18
bin/actions/git/pre-commit
Executable file
18
bin/actions/git/pre-commit
Executable file
@@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env zsh
|
||||
|
||||
source ~/dotfiles/bin/helpers/functions.sh
|
||||
|
||||
# Check for unencrypted files in .ssh/config.d/
|
||||
unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")
|
||||
|
||||
if [ -n "$unencrypted_files" ]; then
|
||||
printfe "%s\n" "red" "Unencrypted files found in .ssh/config.d/:"
|
||||
for file in $(find config/ssh/config.d/ -type f ! -name "*.gpg"); do
|
||||
printfe "%s\n" "yellow" " - $file"
|
||||
done
|
||||
|
||||
echo ""
|
||||
printfe "%s\n" "blue" "Use 'dotf secrets encrypt' to encrypt them."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
41
bin/actions/secrets.sh
Executable file
41
bin/actions/secrets.sh
Executable file
@@ -0,0 +1,41 @@
|
||||
#!/usr/bin/env zsh
|
||||
|
||||
source ~/dotfiles/bin/helpers/functions.sh
|
||||
|
||||
####################################################################################################
|
||||
# Decrypt secrets
|
||||
####################################################################################################
|
||||
printfe "%s\n" "cyan" "Fetching password from 1Password..."
|
||||
echo -en '\r'
|
||||
|
||||
output=$(op item get "SSH Config Secrets" --fields password)
|
||||
command=$(echo "$output" | grep -oP "(?<=use ').*(?=')")
|
||||
password=$(eval $command | grep -oP "(?<= password: ).*" | tr -d '\n')
|
||||
|
||||
# Check what we are supposed to do (Either decrypt or encrypt)
|
||||
if [[ "$2" == "decrypt" ]]; then
|
||||
printfe "%s\n" "cyan" "Decrypting .ssh/config.d/ files..."
|
||||
echo -en '\r'
|
||||
|
||||
for file in ~/.ssh/config.d/*.gpg; do
|
||||
filename=$(basename $file .gpg)
|
||||
gpg --quiet --batch --yes --decrypt --passphrase="$password" --output ~/.ssh/config.d/$filename $file
|
||||
rm $file
|
||||
done
|
||||
elif [[ "$2" == "encrypt" ]]; then
|
||||
printfe "%s\n" "cyan" "Encrypting .ssh/config.d/ files..."
|
||||
echo -en '\r'
|
||||
|
||||
for file in ~/.ssh/config.d/*; do
|
||||
# Skip already encrypted files
|
||||
if [[ $file == *.gpg ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
|
||||
rm $file
|
||||
done
|
||||
else
|
||||
printfe "%s\n" "red" "Invalid argument. Use 'decrypt' or 'encrypt'"
|
||||
exit 1
|
||||
fi
|
||||
@@ -25,7 +25,8 @@ else
|
||||
check_or_make_symlink ~/.gitconfig ~/dotfiles/config/gitconfig.linux
|
||||
fi
|
||||
|
||||
check_or_make_symlink ~/.ssh/config ~/dotfiles/ssh/config
|
||||
check_or_make_symlink ~/.ssh/config ~/dotfiles/config/ssh/config
|
||||
check_or_make_symlink ~/.ssh/config.d ~/dotfiles/config/ssh/config.d
|
||||
check_or_make_symlink ~/.wezterm.lua ~/dotfiles/config/wezterm.lua
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user