Skip to content

Instantly share code, notes, and snippets.

@benhagen
Last active January 6, 2023 19:05
Show Gist options
  • Save benhagen/5580170 to your computer and use it in GitHub Desktop.
Save benhagen/5580170 to your computer and use it in GitHub Desktop.
BASH script to take your two AWS environment vars, and encrypt them via AES-256. Store these values in a generated shell script which can be sourced to apply the variables when the correct password is given.
#!/bin/bash
read -sp "Enter encryption password: " PASSWORD
echo ""
read -sp "Confirm encryption password: " PASSWORD_CONFIRM
echo ""
if [[ "$PASSWORD" != "$PASSWORD_CONFIRM" ]]; then
echo "ERROR: Passwords do not match!"
exit 1
fi
echo "Enter your AWS_ACCESS_KEY_ID:"
read AWS_ACCESS_KEY_ID
echo "Enter your AWS_SECRET_ACCESS_KEY:"
read AWS_SECRET_ACCESS_KEY
export PASSW=$PASSWORD
AWS_ACCESS_KEY_ID_ENC=$(echo "$AWS_ACCESS_KEY_ID" | openssl enc -e -aes-256-cbc -pass env:PASSW | openssl base64 -A)
AWS_SECRET_ACCESS_KEY_ENC=$(echo "$AWS_SECRET_ACCESS_KEY" | openssl enc -e -aes-256-cbc -pass env:PASSW | openssl base64 -A)
unset PASSW
cat > ./awscreds.sh <<EOF
#!/bin/bash
AWS_ACCESS_KEY_ID_ENC="$AWS_ACCESS_KEY_ID_ENC"
AWS_SECRET_ACCESS_KEY_ENC="$AWS_SECRET_ACCESS_KEY_ENC"
read -sp "Enter encryption password: " PASSWORD
export PASSW=\$PASSWORD
AWS_ACCESS_KEY_ID=\$(echo -n "\$AWS_ACCESS_KEY_ID_ENC" | openssl base64 -d -A | openssl enc -d -aes-256-cbc -pass env:PASSW)
AWS_SECRET_ACCESS_KEY=\$(echo -n "\$AWS_SECRET_ACCESS_KEY_ENC" | openssl base64 -d -A | openssl enc -d -aes-256-cbc -pass env:PASSW)
if [ \$? -ne 0 ]; then
unset PASSW
echo "ERROR: Password doesn't appear correct!"
echo "Unsetting environment variables ..."
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
return 1
fi
unset PASSW
echo ""
echo "Setting AWS ACCESS environment variables ..."
export AWS_ACCESS_KEY_ID=\$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=\$AWS_SECRET_ACCESS_KEY
EOF
chmod +x ./awscreds.sh
echo "Run '. ./awscreds.sh' to decrypt and apply AWS keys to the current environment"
@benhagen
Copy link
Author

Noticed something off between MacOS and Ubuntu ... probably openssl stuff. Looking into it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment