@boly38
Last active November 29, 2021 21:00
Use KeePass from the command line (KPScript plugin) to generate a project secrets file

Use KeePass to store and generate env files

Scripts

  • keepassEnv.sh is Linux-compatible (it also works in Git Bash for Windows)
  • keepassEnv.bat is Windows-compatible (could be improved)
  • keepassCheckout.sh is Linux-compatible and reads multiple files in one shot

Each script may be self-documented.

Usage

Feel free to use them. Keep the gist URL in the scripts so that improvements are made in one central place.

See also

keepassCheckout.sh

#!/bin/bash
# gist: https://gist.github.com/boly38/21aca0d8bf1b79b6e1344e8487829c6e
# requirements:
# - assume a project id prefix of 2 letters, e.g. my
# - create a KeePass entry having title="my.env.production" and secret script in "Notes" field
# - create a KeePass entry having title="my.env.development" and secret script in "Notes" field
# - create a local entries file called 'keepass_files.txt'
#   containing one filename (without project id prefix) per line.
#   keepass_files.txt - example:
#     .env.production
#     .env.development
# => keepassCheckout checks out from your KeePass db each filename whose entry title is (project id prefix + filename)
#    example: read the my.env.production KeePass entry notes to write the .env.production file.
#
# - KPScript must point to your KPScript.exe - KPScript is a KeePass plugin https://keepass.info/plugins.html
# - KEEPASS_DB must be your KeePass database
# - KEEPASS_FILE must be your KeePass secret identity (passed to KPScript as -keyfile)
# - having the target files in .gitignore is good practice
#
GREEN=\\033[32m
RED=\\033[31m
NC=\\033[0m
# a non-zero exit from KPScript fails the pipeline, not only an empty grep result
set -o pipefail
PROJECT_ID=${PROJECT_ID:-my}
KP_CMD=${KPScript:-/C/Tools/KeePass2/KPScript.exe}
KP_DB=${KEEPASS_DB:-/C/pk/my_keePass_db.kdbx}
KP_PK_FILE=${KEEPASS_FILE:-/C/pk/my_private_key.pk}
[ ! -f "${KP_CMD}" ] && echo "KeePass plugin KPScript ${KP_CMD} does not exist." && exit 1
[ ! -f "${KP_DB}" ] && echo "KeePass db ${KP_DB} does not exist." && exit 1
[ ! -f "${KP_PK_FILE}" ] && echo "KeePass pk file ${KP_PK_FILE} does not exist." && exit 1
KP_PROJECT_FILES=keepass_files.txt
[ ! -f "${KP_PROJECT_FILES}" ] && echo "KeePass project files ${KP_PROJECT_FILES} does not exist." && exit 1
# strip Windows line endings, then read one target filename per line
# (the last line may lack a trailing newline)
tr -d '\r' <"${KP_PROJECT_FILES}" | while IFS= read -r targetFile || [[ -n $targetFile ]];
do
  [ -z "${targetFile}" ] && continue # skip blank lines
  echo "create ${targetFile} from ${PROJECT_ID}${targetFile}"
  # KP_CMD is quoted so a KPScript path containing spaces still works
  "${KP_CMD}" -c:GetEntryString "${KP_DB}" -keyfile:"${KP_PK_FILE}" -Field:"Notes" -ref-Title:"${PROJECT_ID}${targetFile}" \
  | grep -v "Operation completed" > "${targetFile}" \
  && echo -e "${targetFile} ${GREEN}generated${NC}" || echo -e " ${RED}XXX ${PROJECT_ID}${targetFile} is missing${NC}"
done

keepassEnv.bat

REM gist: https://gist.github.com/boly38/21aca0d8bf1b79b6e1344e8487829c6e
REM requirements:
REM - create a KeePass entry having title="(PUT_YOUR_SHORT_PROJECT_ID)_env.dontpush.bat" and secret script in "Notes" field
REM - PROJECT_ID must be a short id for your project
REM - KPScript must point to your KPScript.exe - KPScript is a KeePass plugin https://keepass.info/plugins.html
REM - KEEPASS_DB must be your KeePass database
REM - KEEPASS_FILE must be your KeePass secret identity (passed to KPScript as -keyfile)
REM - having *.dontpush.* in .gitignore is good practice here
REM set PROJECT_ID=xxx
REM set KP_CMD=C:\TOOLS\KeePass2\KPScript.exe
REM set KP_PK_FILE=C:\pk\my_private_key.pk
REM set KP_DB=C:\pk\KeePass_Db.kdbx
REM set KP_ENTRY_TITLE=xx_env.dontpush.sh
REM set TARGET_PROJECT_SECRET=%PROJECT_ID%_env.dontpush.bat
REM continuation lines start with a space so the caret does not escape the | or & that follows
"%KP_CMD%" -c:GetEntryString "%KP_DB%" -keyfile:"%KP_PK_FILE%" -Field:"Notes" -ref-Title:"%KP_ENTRY_TITLE%" ^
 | FINDSTR /V "Operation completed" > "%TARGET_PROJECT_SECRET%" ^
 && echo "%TARGET_PROJECT_SECRET% generated"

keepassEnv.sh

#!/bin/bash
# gist: https://gist.github.com/boly38/21aca0d8bf1b79b6e1344e8487829c6e
# requirements:
# - create a KeePass entry having title="(PUT_YOUR_SHORT_PROJECT_ID)_env.dontpush.sh" and secret script in "Notes" field
# - PROJECT_ID must be a short id for your project
# - KPScript must point to your KPScript.exe - KPScript is a KeePass plugin https://keepass.info/plugins.html
# - KEEPASS_DB must be your KeePass database
# - KEEPASS_FILE must be your KeePass secret identity (passed to KPScript as -keyfile)
# - having *.dontpush.* in .gitignore is good practice here
# a non-zero exit from KPScript fails the pipeline, not only an empty grep result
set -o pipefail
PROJECT_ID=${PROJECT_ID:-ch}
KP_CMD=${KPScript:-/C/Tools/KeePass2/KPScript.exe}
KP_DB=${KEEPASS_DB:-/C/pk/my_keePass_db.kdbx}
KP_PK_FILE=${KEEPASS_FILE:-/C/pk/my_private_key.pk}
KP_ENTRY_TITLE="${PROJECT_ID}_env.dontpush.sh"
TARGET_PROJECT_SECRET="${TARGET_PROJECT_SECRET:-${KP_ENTRY_TITLE}}"
[ ! -f "${KP_CMD}" ] && echo "KeePass plugin KPScript ${KP_CMD} does not exist." && exit 1
[ ! -f "${KP_DB}" ] && echo "KeePass db ${KP_DB} does not exist." && exit 1
[ ! -f "${KP_PK_FILE}" ] && echo "KeePass pk file ${KP_PK_FILE} does not exist." && exit 1
# KP_CMD is quoted so a KPScript path containing spaces still works
"${KP_CMD}" -c:GetEntryString "${KP_DB}" -keyfile:"${KP_PK_FILE}" -Field:"Notes" -ref-Title:"${KP_ENTRY_TITLE}" \
| grep -v "Operation completed" > "${TARGET_PROJECT_SECRET}" \
&& echo "${TARGET_PROJECT_SECRET} generated"
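
Added example, not part of the gist: a hardened write step for the generated secret files. It takes the KPScript output on stdin, rejects target names that would leave the project directory, installs the file with mode 600 only when entry text was actually fetched, and checks that the target is git-ignored. The function names safe_name, write_secret and check_ignored are illustrative, not part of KPScript or the gist.

```bash
#!/bin/bash
# Added example, not from the gist. Function names are illustrative.

# Accept only relative names that stay inside the project directory.
safe_name() {
  case "$1" in
    ""|/*|*..*|*\\*) return 1 ;;
  esac
  return 0
}

# Read KPScript output on stdin and install it as file $1 (mode 600).
# The target is replaced only when some entry text was fetched, so a failed
# lookup cannot truncate or overwrite an existing secrets file.
write_secret() {
  local target tmp
  target=$1
  safe_name "$target" || { echo "refusing unsafe name: $target" >&2; return 2; }
  # temp file is created next to the target, readable by the owner only
  tmp=$(umask 077; mktemp "${target}.XXXXXX") || return 1
  grep -v "Operation completed" > "$tmp" || :   # grep exits 1 when nothing is left
  if [ ! -s "$tmp" ]; then
    rm -f "$tmp"
    return 1
  fi
  chmod 600 "$tmp" && mv -f "$tmp" "$target"
}

# Return non-zero when $1 is in a git work tree and not covered by .gitignore.
check_ignored() {
  git rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
  git check-ignore -q -- "$1"
}

# Usage inside the loop of keepassCheckout.sh:
#   "${KP_CMD}" -c:GetEntryString "${KP_DB}" -keyfile:"${KP_PK_FILE}" -Field:"Notes" \
#       -ref-Title:"${PROJECT_ID}${targetFile}" | write_secret "${targetFile}" \
#     && { check_ignored "${targetFile}" || echo "warning: ${targetFile} is not git-ignored"; }
```

write_secret returns 1 when nothing was fetched and 2 when the name is rejected, so the caller can print the gist's "is missing" message on any non-zero status.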