-
-
Save brandur/a68fb37c4059c281fa6b to your computer and use it in GitHub Desktop.
gpgup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -e | |
if [ -z "$GPGUP_TEMP" ]; then | |
echo 'gpgup: please set $GPGUP_TEMP' | |
exit 1 | |
fi | |
GPGUP_ENCRYPTED_PATH=$GPGUP_PATH | |
# spin until we can find a suitable temporary file name | |
GPGUP_PATH=$GPGUP_TEMP/gpgup-$RANDOM | |
while [ -f "$GPGUP_PATH" ]; do | |
GPGUP_PATH=$GPGUP_TEMP/gpgup-$RANDOM | |
done | |
# make sure that the cleartext file has restricted access | |
touch $GPGUP_PATH | |
chmod 600 $GPGUP_PATH | |
# decrypt | |
gpg --batch -q -d $GPGUP_ENCRYPTED_PATH > $GPGUP_PATH | |
# don't fail on bad exits from here on out to maximize the chances that our | |
# "rm" of the decrypted path gets run even if everything else fails | |
set +e | |
eval "$@" | |
# optionally encrypt after exit (don't do this by default for safety/speed) | |
if [ "$GPGUP_WRITE" == "true" ]; then | |
>&2 echo "gpgup: writing $GPGUP_ENCRYPTED_PATH" | |
gpg --batch --yes -q --output $GPGUP_ENCRYPTED_PATH -e $GPGUP_PATH | |
fi | |
# clean up the temporary path | |
rm -f $GPGUP_PATH |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Example usage: