@lira
Forked from benhagen/awscreds_encrypt.sh
Created January 6, 2023 19:05
Bash script that takes your two AWS credential environment variables and encrypts them with AES-256. The encrypted values are stored in a generated shell script, which can be sourced to apply the variables when the correct password is given.

#!/bin/bash
# Encrypt AWS credentials with a password and write a sourceable ./awscreds.sh.

read -rsp "Enter encryption password: " PASSWORD
echo ""
read -rsp "Confirm encryption password: " PASSWORD_CONFIRM
echo ""
if [[ "$PASSWORD" != "$PASSWORD_CONFIRM" ]]; then
    echo "ERROR: Passwords do not match!"
    exit 1
fi
echo "Enter your AWS_ACCESS_KEY_ID:"
read -r AWS_ACCESS_KEY_ID
echo "Enter your AWS_SECRET_ACCESS_KEY:"
read -r AWS_SECRET_ACCESS_KEY

# openssl reads the password from the environment (-pass env:PASSW),
# so it does not show up on the command line.
export PASSW=$PASSWORD
# -pbkdf2 (OpenSSL 1.1.1+) replaces the weak default key derivation of "openssl enc".
AWS_ACCESS_KEY_ID_ENC=$(echo "$AWS_ACCESS_KEY_ID" | openssl enc -e -aes-256-cbc -pbkdf2 -pass env:PASSW | openssl base64 -A)
AWS_SECRET_ACCESS_KEY_ENC=$(echo "$AWS_SECRET_ACCESS_KEY" | openssl enc -e -aes-256-cbc -pbkdf2 -pass env:PASSW | openssl base64 -A)
unset PASSW

# Unescaped variables are expanded now; \$ is kept literal for the generated script.
cat > ./awscreds.sh <<EOF
#!/bin/bash
# Source this file (. ./awscreds.sh) so the exports land in the current shell.
AWS_ACCESS_KEY_ID_ENC="$AWS_ACCESS_KEY_ID_ENC"
AWS_SECRET_ACCESS_KEY_ENC="$AWS_SECRET_ACCESS_KEY_ENC"
read -rsp "Enter encryption password: " PASSWORD
export PASSW=\$PASSWORD
unset PASSWORD
# Chain with && so a failure of either decryption is caught by the check below.
AWS_ACCESS_KEY_ID=\$(echo -n "\$AWS_ACCESS_KEY_ID_ENC" | openssl base64 -d -A | openssl enc -d -aes-256-cbc -pbkdf2 -pass env:PASSW) &&
AWS_SECRET_ACCESS_KEY=\$(echo -n "\$AWS_SECRET_ACCESS_KEY_ENC" | openssl base64 -d -A | openssl enc -d -aes-256-cbc -pbkdf2 -pass env:PASSW)
if [ \$? -ne 0 ]; then
    unset PASSW
    echo "ERROR: Password doesn't appear correct!"
    echo "Unsetting environment variables ..."
    unset AWS_ACCESS_KEY_ID
    unset AWS_SECRET_ACCESS_KEY
    return 1
fi
unset PASSW
echo ""
echo "Setting AWS ACCESS environment variables ..."
export AWS_ACCESS_KEY_ID=\$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=\$AWS_SECRET_ACCESS_KEY
EOF
chmod +x ./awscreds.sh
echo "Run '. ./awscreds.sh' to decrypt and apply AWS keys to the current environment"
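
A round-trip self-test of the same openssl pipeline, added here as an example (it is not part of the original gist). The function names, the ENC_OPTS variable with -pbkdf2 (OpenSSL 1.1.1+), and all sample values are constructed for this illustration; it checks that the right password returns the exact plaintext and that a wrong one never does.

```shell
#!/bin/bash
# Added example: non-interactive self-test of the encrypt/decrypt pipeline.
# Every password and "credential" below is a constructed dummy value.

# Cipher options (assumption of this example; -pbkdf2 needs OpenSSL 1.1.1+).
ENC_OPTS="-aes-256-cbc -pbkdf2"

# enc_value PASSWORD PLAINTEXT -> single-line base64 ciphertext on stdout.
# PASSW is set for the openssl process only, so nothing is exported in the shell.
enc_value() {
    printf '%s\n' "$2" | PASSW="$1" openssl enc -e $ENC_OPTS -pass env:PASSW | openssl base64 -A
}

# dec_value PASSWORD CIPHERTEXT_B64 -> plaintext on stdout.
# The exit status is that of "openssl enc -d" (non-zero on a padding error).
dec_value() {
    printf '%s' "$2" | openssl base64 -d -A | PASSW="$1" openssl enc -d $ENC_OPTS -pass env:PASSW 2>/dev/null
}

# roundtrip_check -> 0 if the pipeline behaves, 1-3 to identify the failing step.
roundtrip_check() {
    rt_good="correct-password-constructed"
    rt_bad="wrong-password-constructed"
    rt_secret="constructedSecretValue/NotARealKey+0000"

    # Step 1: encryption must produce non-empty output.
    rt_ct=$(enc_value "$rt_good" "$rt_secret")
    [ -n "$rt_ct" ] || return 1

    # Step 2: the right password must give back the exact plaintext.
    rt_pt=$(dec_value "$rt_good" "$rt_ct") || return 2
    [ "$rt_pt" = "$rt_secret" ] || return 2

    # Step 3: CBC carries no integrity check, so a wrong password normally
    # fails on padding but can occasionally exit 0 with garbage output.
    # Accept either outcome, but never the original plaintext.
    if rt_pt=$(dec_value "$rt_bad" "$rt_ct" 2>/dev/null) && [ "$rt_pt" = "$rt_secret" ]; then
        return 3
    fi
    return 0
}

roundtrip_check
echo "round-trip self-test exit status: $?"
```

Because a wrong password is only detected through the padding check, an exit status of 0 from the decrypt step is not proof that the recovered value is the real credential.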