Last active
November 7, 2022 05:23
-
-
Save kulvind3r/b0cc6a72862ef1f4e50c4dca26a27048 to your computer and use it in GitHub Desktop.
A bare bones en/decryption script based on aes-256-cbc algo. Handy to store file based secrets securely.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
SCRIPT_NAME=$0 | |
OPT=$1 | |
FILES_PATH=$2 | |
PASSPHRASE=$3 | |
usage() { | |
echo -n "${SCRIPT_NAME} [OPTIONS] [FILE_PATH] [PASSPHRASE] | |
Encrypts/Decrypts files at given path | |
Options: | |
-e|--encrypt Encrypts | |
-d|--decrypt Decrypts | |
" | |
exit 1 | |
} | |
encrypt() { | |
FILES_TO_ENCRYPT=$(find "${FILES_PATH}" -type f | grep -v '.enc' | grep -v '.git/' ) | |
for FILE in ${FILES_TO_ENCRYPT[@]} | |
do | |
echo "Encrypting $FILE" | |
openssl enc -aes-256-cbc -md sha512 -salt -pass pass:"${PASSPHRASE}" -in $FILE -out $FILE.enc | |
rm $FILE | |
done | |
echo "Done encrypting all files." | |
} | |
decrypt() { | |
FILES_TO_DECRYPT=$(find "${FILES_PATH}" -type f | grep '.enc') | |
for FILE in ${FILES_TO_DECRYPT[@]} | |
do | |
echo "Decrypting $FILE" | |
OUTPUT_FILE=${FILE/.enc/} | |
openssl enc -aes-256-cbc -md sha512 -d -salt -pass pass:"${PASSPHRASE}" -in $FILE -out $OUTPUT_FILE | |
rm $FILE | |
done | |
echo "Done decrypting all files." | |
} | |
case $OPT in | |
-e|--encrypt) | |
encrypt | |
;; | |
-d|--decrypt) | |
decrypt | |
;; | |
*) | |
usage | |
;; | |
esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment