Skip to content

Instantly share code, notes, and snippets.

@akiatoji

akiatoji/encrypting_secrets.sh

Created May 23, 2019 18:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save akiatoji/b561bb138d87218666f5459819e9cc1d to your computer and use it in GitHub Desktop.
Save akiatoji/b561bb138d87218666f5459819e9cc1d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
encrypting_secrets.sh
#!/usr/bin/env bash
gcloud services enable cloudkms.googleapis.com
KEYRING=keyring
KEY=secrets
gcloud kms keys list --location global --keyring $KEYRING
if [[ $? -ne 0 ]]; then
gcloud kms keyrings create ${KEYRING} --location global
gcloud kms keys create ${KEY} --location global \
--keyring ${KEYRING} --purpose encryption
fi
rm -f secrets.cfg.encrypted
gcloud kms encrypt --location global \
--keyring ${KEYRING} \
--key ${KEY} \
--plaintext-file secrets.cfg \
--ciphertext-file secrets.cfg.encrypted
gsutil cp sectets.cfg.encrypted gs://vault
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment