Skip to content

Instantly share code, notes, and snippets.

@mreschke

mreschke/.secrets

Last active May 5, 2021
Embed
What would you like to do?
.secrets (DotSecrets) gpg encrypted folder helper
#!/bin/bash
# .secrets (dot secrets) by mReschke 2017-10-02
# Download to /usr/local/bin and chmod a+x
# Then run .secrets to setup your first vault!
# Latest gist: https://gist.github.com/mreschke/c0d60e6c81a787c64e61b8ec79c62143
option="$1"
vault="$2"
path=~/.secrets
vaults=$path/vaults
folderName=${vault}Secrets
folder=~/$folderName
fileName=${vault}Secrets.tar.gz
file=$path/$fileName
function lockVault() {
if [ "$vault" == "" ]; then
notice "Please specify a vault to lock. Example ${GREEN}.secrets lock My${DEFAULT}"
echo
listVaults
exit 1
fi
user=${!vault}
vaultExists
if [ -e $folder ]; then
header "Locking $folder to $file"
echo
# Backup and Remove .gpg file if exists
if [ -e $file.gpg ]; then
# Backup previous vault first
backupFile=$path/backups/$(date '+%Y%m%d-%H%M%S')_${fileName}.gpg
step "Backing up previous GPG vault to $backupFile before locking"
cp -a $file.gpg $backupFile
rm $file.gpg
fi
# Zip DotSecrets and remove
step "Compressing $folder folder using TAR and GZ"
echo
cd ~ && tar -zcvf $file $folderName && rm -rf $folder
echo
step "Compression of vault to $file successful"
# GPG Encrypt .secrets.tar.gz
step "Encrypting $file using GPG"
gpg --encrypt --recipient "$user" $file && rm $file
step "Encryption of vault to $file.gpg successful"
step "$vault vault locked!"
echo
info "Done!"
else
if [ -e $file.gpg ]; then
notice "$vault vault is already locked"
info " - ${BLUE}$folder${DEFAULT} not found while ${BLUE}$file.gpg${DEFAULT} exists -"
else
error "$vault vault not found (no $file.gpg)"
fi
fi
}
function unlockVault() {
if [ "$vault" == "" ]; then
notice "Please specify a vault to unlock. Example ${GREEN}.secrets unlock My${DEFAULT}"
echo
listVaults
exit 1
fi
user=${!vault}
vaultExists
if [ -e $folder ]; then
notice "$vault vault is already unlocked"
info " - Folder ${BLUE}$folder${DEFAULT} exists -"
else
if [ -e $file.gpg ]; then
header "Unlocking $file.gpg into $folder"
echo
# GPG Decrypt .secrets.tar.gz.gpg
step "Decrypting $file.gpg using GPG"
gpg --decrypt --output $file $file.gpg
step "Decryption of vault to $file successful"
# Unzip .secrets.tar.gz into DotSecrets
step "Decompressing $file using TAR and GZ"
mv $file ~
cd ~ && tar -xf $fileName && rm $fileName
step "Decompression of vault into $folder successful"
step "$vault vault unlocked!"
echo
notice "Be careful as folder is in plain text."
info "Remember to lock the vault when done using ${GREEN}.secrets lock $vault${DEFAULT}"
echo
info "Done!"
else
notice "$vault vault not found (no $file.gpg)"
fi
fi
}
function listVaults() {
header "Vaults list from $vaults config file"
cat $vaults
}
function createVault() {
if [ "$vault" == "" ]; then
notice "Please specify a vault to create. Example: ${GREEN}.secrets create My${DEFAULT}"
exit 1
fi
header "Creating $vault vault"
echo
info "This .secrets app utilizes GPG to encrypt your vault."
info "You must have a GPG key already setup prior to locking and unlocking .secret vaults."
echo
header "Existing GPG users from gpg --list-keys"
gpg --list-keys
echo
read -p "GPG USER-ID (ex yourgpguser@email.com): " user
gpgUser=$(gpg --list-keys | grep uid | grep "$user")
if [ "$gpgUser" == "" ]; then
echo
notice "No GPG user '$user' found. Please configure GPG with the proepr user and try again."
exit 1
fi
echo "$vault=$user" >> $vaults
folder=~/${vault}Secrets
echo
step "Creating vault folder $folder"
mkdir -p $folder
step "$vault vault created!"
echo
info "Your new vault is open (unlocked)."
info "Add files to ${BLUE}$folder${DEFAULT} then run ${GREEN}.secrets lock $vault${DEFAULT} to encrypt it."
info "Actual gpg encrypted .tar.gz vault file lives in ${LIGHTBLUE}$file.gpg${DEFAULT}"
echo
info "Done!"
}
function usage() {
echo ".secrets (dotsecrets) GPG encrypted folders
Copyright (C) 2017 mReschke.com
This program may be freely redistributed under the terms of the MIT license.
A valid GPG user is required to use .secrets. Read about and configure GPG first.
Encrypted .tar.gz.gpg vault files and configs are stored in $path
Unlocked vaults are stored in your home (~) directory with a 'Secrets' postfix, ie: MySecrets
Examples:
.secrets create My - Create new vault named My
.secrets vaults - List all vaults
.secrets unlock My - Unlock vault named My
.secrets lock My - Lock vault named My
.secrets gpg-help - A small GPG cheatsheet
"
}
function vaultExists() {
if [ "$user" == "" ]; then
notice "$vault vault not found"
echo
listVaults
exit 1
fi
}
function gpgHelp() {
header "GPG Quick Cheatsheet"
info "gpg --list-keys"
}
function init() {
if [ ! -e $path ]; then
# Config not found, first time setup
mkdir -p $path
mkdir -p $path/backups
echo "# Your .secret vaults and their GPG user accounts" >> $vaults
fi
# Source our config file
if [ -e $vaults ]; then
source $vaults
fi
# Bash Colors
DEFAULT="\033[0;0m"
BLUE="\033[0;34m"
GREEN="\033[0;32m"
CYAN="\033[0;36m"
RED="\033[0;31m"
PURPLE="\033[0;35m"
BROWN="\033[0;33m"
LIGHTGRAY="\033[0;37m"
DARKGRAY="\033[1;30m"
LIGHTBLUE="\033[1;34m"
LIGHTGREEN="\033[1;32m"
LIGHTCYAN="\033[1;36m"
LIGHTRED="\033[1;31m"
LIGHTPURPLE="\033[1;35m"
YELLOW="\033[1;33m"
WHITE="\033[1;37m"
}
function header() {
echo -e "${YELLOW}:: ${GREEN}$1 ${YELLOW}::${DEFAULT}"
}
function log() {
echo -e "${DEFAULT}$1"
}
function info() {
echo -e "${WHITE}$1${DEFAULT}"
}
function step() {
echo -e "${BLUE}* ${DARKGRAY}$1${DEFAULT}"
}
function error() {
echo -e "${LIGHTRED}ERROR: ${RED}$1${DEFAULT}"
echo
}
function notice() {
echo -e "${YELLOW}NOTICE: ${BROWN}$1${DEFAULT}"
}
# --------------------------------------------------------------
init
if [ "$option" == "unlock" ]; then
unlockVault
elif [ "$option" == "lock" ]; then
lockVault
elif [ "$option" == "vaults" ]; then
listVaults
elif [ "$option" == "create" ]; then
createVault
elif [ "$option" == "gpg-help" ]; then
gpgHelp
else
usage
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment