SOPS POC — run the decrypt script before and the encrypt script after 'kustomize' commands. Plaintext secret files are named *.secret.*; once encrypted they are renamed to *.encrypted.*
# Config file for Mozilla SOPS: https://github.com/mozilla/sops
#
# find files to decrypt with `find . -name '*.encrypted.*'`
# find files to encrypt with `find . -name '*.secret.*'`
#
# creation rules are evaluated sequentially, the first match wins
creation_rules:
  # all files that match pattern *.secret.* or *.encrypted.*
  - path_regex: \.(secret|encrypted)\.
    pgp: '166586CD6F1A906D0786BE50C26EFAE7B312A5D8'
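#!/usr/bin/env bash
# Decrypt every SOPS-encrypted file named *.encrypted.* below the current
# directory: the plaintext is written beside it as *.secret.* and the
# ciphertext is removed. Intended to run before 'kustomize'; the companion
# encrypt script reverses it afterwards.
#
# Requires '.sops.yaml' in the current directory and 'sops' plus 'gpg'
# (or 'gpg2') on PATH. Under Cygwin, SOPS_GPG_EXEC is exported as a
# Windows-style path so sops can invoke gpg.
#
# Fixes over the previous version: the original 'a && b || err && exit 1'
# chain ran 'exit 1' on the success path too, so only the first file was
# processed and the script always failed; 'echo "$output" >' altered
# trailing newlines and backslashes of the plaintext; unquoted '$F' broke
# on names with spaces; '-type f' was missing so directories matched.
set -euo pipefail

# Files to decrypt
SHOULD_DECRYPT_FILEGLOB='*.encrypted.*'
# sed regex replace for decrypted filename
SED_REPLACE_FILENAME='s/\.encrypted\./\.secret\./'

# Temp file currently being written; removed on exit so an interrupted run
# leaves no partial plaintext behind.
tmp_out=''

cleanup() {
  if [[ -n "$tmp_out" ]]; then
    rm -f -- "$tmp_out"
  fi
}
trap cleanup EXIT

# Print a message to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Locate the gpg binary for sops. Under Cygwin, sops needs a Windows-style
# path, so the result of 'command -v' is converted with cygpath.
# Globals: SOPS_GPG_EXEC (exported under Cygwin)
configure_gpg() {
  local gpg_bin
  if command -v cygpath >/dev/null 2>&1; then
    if command -v gpg2 >/dev/null 2>&1; then
      gpg_bin=$(command -v gpg2)
    elif command -v gpg >/dev/null 2>&1; then
      gpg_bin=$(command -v gpg)
    else
      printf '%s\n' "Error finding 'gpg2' or 'gpg' on PATH!" >&2
      die "You may install it with 'apt-cyg install gnupg2'"
    fi
    SOPS_GPG_EXEC=$(cygpath -w "$gpg_bin") \
      || die "Error converting '$gpg_bin' with cygpath!"
    export SOPS_GPG_EXEC
  elif ! command -v gpg >/dev/null 2>&1; then
    die "Error finding 'gpg' on PATH!"
  fi
}

# Decrypt one file ($1) to its *.secret.* name and remove the ciphertext.
# The plaintext goes to a mktemp file (mode 0600) in the same directory and
# is renamed into place only after sops succeeds, so a failed decryption
# never leaves an empty or truncated *.secret.* file, and the plaintext is
# never created world-readable under a permissive umask.
# Globals: SED_REPLACE_FILENAME (read), tmp_out (written)
decrypt_file() {
  local src=$1 dst
  dst=$(printf '%s\n' "$src" | sed -e "$SED_REPLACE_FILENAME")
  # Guard against writing over the input if the rename rule did not apply.
  [[ "$dst" != "$src" ]] || die "Error computing output name for $src"
  tmp_out=$(mktemp "$(dirname -- "$dst")/.sops-XXXXXX") \
    || die "Error creating temp file for $src"
  if ! sops -d "$src" > "$tmp_out"; then
    die "Error decrypting $src"
  fi
  mv -f -- "$tmp_out" "$dst" || die "Error writing $dst"
  tmp_out=''
  rm -f -- "$src"
}

main() {
  local f
  [[ -f .sops.yaml ]] || die "Error finding '.sops.yaml'!"
  command -v sops >/dev/null 2>&1 || die "Error finding 'sops' on PATH!"
  configure_gpg
  # NUL-delimited names survive spaces and newlines; process substitution
  # keeps the loop in this shell so 'die' terminates the whole script.
  while IFS= read -r -d '' f; do
    decrypt_file "$f"
  done < <(find . -type f -name "$SHOULD_DECRYPT_FILEGLOB" -print0)
}

main "$@"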
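#!/usr/bin/env bash
# Encrypt every plaintext file named *.secret.* below the current directory
# with SOPS: the ciphertext is written beside it as *.encrypted.* and the
# plaintext is removed. Intended to run after 'kustomize'; the companion
# decrypt script is its inverse.
#
# Requires '.sops.yaml' (with creation rules) in the current directory and
# 'sops' plus 'gpg' (or 'gpg2') on PATH. Under Cygwin, SOPS_GPG_EXEC is
# exported as a Windows-style path so sops can invoke gpg.
#
# Fixes over the previous version: the original 'a && b || err && exit 1'
# chain ran 'exit 1' on the success path too, so only the first file was
# processed and the script always failed; 'echo "$output" >' altered
# trailing newlines and backslashes of the output; unquoted '$F' broke on
# names with spaces; '-type f' was missing so directories matched.
set -euo pipefail

# Files to encrypt
SHOULD_ENCRYPT_FILEGLOB='*.secret.*'
# sed regex replace for encrypted filename
SED_REPLACE_FILENAME='s/\.secret\./\.encrypted\./'

# Temp file currently being written; removed on exit so an interrupted run
# leaves no partial output behind.
tmp_out=''

cleanup() {
  if [[ -n "$tmp_out" ]]; then
    rm -f -- "$tmp_out"
  fi
}
trap cleanup EXIT

# Print a message to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Locate the gpg binary for sops. Under Cygwin, sops needs a Windows-style
# path, so the result of 'command -v' is converted with cygpath.
# Globals: SOPS_GPG_EXEC (exported under Cygwin)
configure_gpg() {
  local gpg_bin
  if command -v cygpath >/dev/null 2>&1; then
    if command -v gpg2 >/dev/null 2>&1; then
      gpg_bin=$(command -v gpg2)
    elif command -v gpg >/dev/null 2>&1; then
      gpg_bin=$(command -v gpg)
    else
      printf '%s\n' "Error finding 'gpg2' or 'gpg' on PATH!" >&2
      die "You may install it with 'apt-cyg install gnupg2'"
    fi
    SOPS_GPG_EXEC=$(cygpath -w "$gpg_bin") \
      || die "Error converting '$gpg_bin' with cygpath!"
    export SOPS_GPG_EXEC
  elif ! command -v gpg >/dev/null 2>&1; then
    die "Error finding 'gpg' on PATH!"
  fi
}

# Encrypt one file ($1) to its *.encrypted.* name and remove the plaintext.
# The ciphertext goes to a mktemp file in the same directory and is renamed
# into place only after sops succeeds, so a failed encryption never replaces
# an existing *.encrypted.* file with empty output and the plaintext is kept.
# Note: mktemp creates the file mode 0600 and that mode carries over to the
# ciphertext; loosen it afterwards if other users must read it. The plaintext
# is removed with a plain 'rm', which does not overwrite its disk blocks.
# Globals: SED_REPLACE_FILENAME (read), tmp_out (written)
encrypt_file() {
  local src=$1 dst
  dst=$(printf '%s\n' "$src" | sed -e "$SED_REPLACE_FILENAME")
  # Guard against writing over the input if the rename rule did not apply.
  [[ "$dst" != "$src" ]] || die "Error computing output name for $src"
  tmp_out=$(mktemp "$(dirname -- "$dst")/.sops-XXXXXX") \
    || die "Error creating temp file for $src"
  if ! sops -e "$src" > "$tmp_out"; then
    die "Error encrypting $src"
  fi
  mv -f -- "$tmp_out" "$dst" || die "Error writing $dst"
  tmp_out=''
  rm -f -- "$src"
}

main() {
  local f
  [[ -f .sops.yaml ]] || die "Error finding '.sops.yaml'!"
  command -v sops >/dev/null 2>&1 || die "Error finding 'sops' on PATH!"
  configure_gpg
  # NUL-delimited names survive spaces and newlines; process substitution
  # keeps the loop in this shell so 'die' terminates the whole script.
  while IFS= read -r -d '' f; do
    encrypt_file "$f"
  done < <(find . -type f -name "$SHOULD_ENCRYPT_FILEGLOB" -print0)
}

main "$@"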