@crimeminister
Created September 24, 2019 17:31
Extract encrypted credential from Terraform state file
#!/usr/bin/env bash
#
# -*- mode: shell-script -*-

set -eo pipefail

# Take as input a file containing the "private_key_encrypted" value of a
# service account key, extracted from a Terraform state file. To put the
# key there in the first place, use Terraform configuration something
# like this:
#
#   resource "google_service_account" "example" {
#     project      = "${module.project.project_id}"
#     account_id   = "example"
#     display_name = "Example Service Account"
#   }
#
#   resource "google_service_account_key" "example" {
#     service_account_id = "${google_service_account.example.name}"
#     pgp_key            = "keybase:crimeminister"
#     public_key_type    = "TYPE_X509_PEM_FILE"
#   }

filename="$1"

if [ ! -f "${filename}" ]; then
  echo "error: not a file: ${filename}" >&2
  exit 1
fi

# The decrypted payload is the service account key, still base64-encoded.
# Hold it in a private, unpredictably named temp file (not a fixed /tmp
# path) and remove it on exit, even when a later step fails under set -e.
umask 077
b64_file=$(mktemp "${TMPDIR:-/tmp}/sa-key.XXXXXX")
trap 'rm -f "${b64_file}"' EXIT

# Outer layer: base64-wrapped PGP message, decrypted with the private key
# that matches pgp_key.
base64 --decode "${filename}" | gpg --decrypt > "${b64_file}"

# Inner layer: base64-encoded key JSON, written to stdout.
base64 --decode "${b64_file}"
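
The script above expects the `private_key_encrypted` value to have been pulled out of the state file already. As an added example (not part of the original gist), the Python below locates that value for every `google_service_account_key` in a version 4 state file and flags keys whose `private_key` sits in the state unencrypted because no `pgp_key` was set. The function name and the sample state, including its placeholder values, are constructed for illustration.

```python
import json

# Constructed sample in Terraform state format version 4 (placeholder values only).
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "google_service_account", "name": "example",
     "instances": [{"attributes": {"account_id": "example"}}]},
    {"mode": "managed", "type": "google_service_account_key", "name": "example",
     "instances": [{"attributes": {
         "private_key": "",
         "private_key_encrypted": "PLACEHOLDER_PGP_CIPHERTEXT_B64"}}]},
    {"module": "module.legacy", "mode": "managed",
     "type": "google_service_account_key", "name": "old",
     "instances": [{"attributes": {
         "private_key": "PLACEHOLDER_PLAINTEXT_KEY_B64",
         "private_key_encrypted": None}}]},
]})


def service_account_keys(state_text):
    """Return one record per google_service_account_key instance in a v4 state."""
    state = json.loads(state_text)
    if state.get("version") != 4:
        raise ValueError("expected Terraform state format version 4")
    found = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "google_service_account_key":
            continue
        # Resource address, prefixed with the module path when there is one.
        address = ".".join(p for p in (res.get("module"), res["type"], res["name"]) if p)
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            key = inst.get("index_key")  # set only for count / for_each instances
            found.append({
                "address": address if key is None else f"{address}[{json.dumps(key)}]",
                # Input for the decrypt script; None when no pgp_key was used.
                "encrypted": attrs.get("private_key_encrypted") or None,
                # True means the usable key is readable by anyone who can read the state.
                "plaintext_in_state": bool(attrs.get("private_key")),
            })
    return found


if __name__ == "__main__":
    for rec in service_account_keys(SAMPLE_STATE):
        status = "PLAINTEXT KEY IN STATE" if rec["plaintext_in_state"] else "encrypted"
        print(f"{rec['address']}: {status}")
```
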