docker build --build-arg KEY=myKey -t encrypted
instance=$(docker run -v $(pwd):/code -e DEST=/code -e KEY=myKey -w /code -d encrypted)
docker exec -it $instance ls /code
FROM alpine:3.12 | |
RUN apk add --update --no-cache openssl | |
WORKDIR /src | |
COPY . . | |
WORKDIR /dest | |
ARG KEY | |
ENV KEY=${KEY} | |
# compress them && | |
RUN tar -C /src -cvzf clear.tgz . &&\ | |
openssl enc -aes-256-cbc -in clear.tgz -out notclear.tgz.enc -pass env:KEY && \ | |
rm -rf /src && unset KEY && rm -rf clear.tgz | |
COPY entrypoint /bin/entrypoint | |
ENTRYPOINT ["sh", "/bin/entrypoint"] |
#!/bin/sh | |
if [ -d "${DEST}" ]; then | |
openssl enc -aes-256-cbc -d -in /dest/notclear.tgz.enc -out /dest/notclear.tgz -pass env:PROT | |
tar -C ${DEST} -xzvf /dest/notclear.tgz | |
fi | |
if [ $# -eq 0 ]; then | |
echo "CMD is empty ${@}" | |
exec tail -f /dev/null | |
else | |
echo "CMD is considered ${@}" | |
exec $@ | |
fi |