Menno van Leeuwen
2ce4cfb608
Some checks failed
Nix Format Check / check-format (push) Failing after 40s
119 lines
3.5 KiB
Bash
Executable File
119 lines
3.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
source $DOTFILES_PATH/bin/helpers/functions.sh
|
|
|
|
if is_wsl; then
|
|
output=$(op.exe item get "Dotfiles Secrets" --fields password)
|
|
else
|
|
output=$(op item get "Dotfiles Secrets" --fields password)
|
|
fi
|
|
|
|
# Check if command was a success
|
|
if [[ $? -ne 0 ]]; then
|
|
printfe "%s\n" "red" "Failed to fetch password from 1Password."
|
|
fi
|
|
|
|
# In case the output does not contain use 'op item get, it means the password was fetched successfully
|
|
# Without having to reveal the password using an external command
|
|
if [[ ! $output == *"use 'op item get"* ]]; then
|
|
password=$output
|
|
else
|
|
token=$(echo "$output" | grep -oP "(?<=\[use 'op item get ).*(?= --)")
|
|
printfe "%s\n" "cyan" "Got fetch token: $token"
|
|
|
|
if is_wsl; then
|
|
password=$(op.exe item get $token --reveal --field password)
|
|
else
|
|
password=$(op item get $token --reveal --fields password)
|
|
fi
|
|
fi
|
|
|
|
# only continue if password isn't empty
|
|
if [[ -z "$password" ]]; then
|
|
printfe "%s\n" "red" "Something went wrong while fetching the password from 1Password."
|
|
|
|
# Ask for manual input
|
|
printfe "%s" "cyan" "Enter the password manually: "
|
|
read -s password
|
|
echo
|
|
|
|
if [[ -z "$password" ]]; then
|
|
printfe "%s\n" "red" "Password cannot be empty."
|
|
exit 1
|
|
fi
|
|
|
|
printfe "%s\n" "green" "Password entered successfully."
|
|
fi
|
|
|
|
encrypt_folder() {
|
|
for file in $1/*; do
|
|
# Skip if the current file is a .gpg file
|
|
if [[ $file == *.gpg ]]; then
|
|
continue
|
|
fi
|
|
|
|
# Skip if the current file is a .sha256 file
|
|
if [[ $file == *.sha256 ]]; then
|
|
continue
|
|
fi
|
|
|
|
# If the file is a directory, call this function recursively
|
|
if [[ -d $file ]]; then
|
|
encrypt_folder $file
|
|
continue
|
|
fi
|
|
|
|
current_checksum=$(sha256sum "$file" | awk '{ print $1 }')
|
|
checksum_file="$file.sha256"
|
|
|
|
if [[ -f $checksum_file ]]; then
|
|
previous_checksum=$(cat $checksum_file)
|
|
|
|
if [[ $current_checksum == $previous_checksum ]]; then
|
|
continue
|
|
fi
|
|
fi
|
|
|
|
# If the file has an accompanying .gpg file, remove it
|
|
if [[ -f $file.gpg ]]; then
|
|
rm "$file.gpg"
|
|
fi
|
|
|
|
printfe "%s\n" "cyan" "Encrypting $file..."
|
|
gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output "$file.gpg" "$file"
|
|
|
|
printfe "%s\n" "cyan" "Staging $file for commit..."
|
|
git add -f "$file.gpg"
|
|
|
|
# Update checksum file
|
|
echo $current_checksum > "$checksum_file"
|
|
done
|
|
}
|
|
|
|
# Recursively decrypt all .gpg files under the folder specified, recursively call this function for sub folders!
|
|
# Keep the original file name minus the .gpg extension
|
|
decrypt_folder() {
|
|
for file in $1/*; do
|
|
# Skip if current file is a .gpg file
|
|
if [[ $file == *.gpg ]]; then
|
|
filename=$(basename $file .gpg)
|
|
printfe "%s\n" "cyan" "Decrypting $file..."
|
|
gpg --quiet --batch --yes --decrypt --passphrase="$password" --output $1/$filename $file
|
|
fi
|
|
|
|
# If file is actually a folder, call this function recursively
|
|
if [[ -d $file ]]; then
|
|
printfe "%s\n" "cyan" "Decrypting folder $file..."
|
|
decrypt_folder $file
|
|
fi
|
|
done
|
|
}
|
|
|
|
if [[ "$1" == "decrypt" ]]; then
|
|
printfe "%s\n" "cyan" "Decrypting secrets..."
|
|
decrypt_folder $DOTFILES_PATH/secrets
|
|
elif [[ "$1" == "encrypt" ]]; then
|
|
printfe "%s\n" "cyan" "Encrypting secrets..."
|
|
encrypt_folder $DOTFILES_PATH/secrets
|
|
fi
|