#!/bin/bash | |
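encryptAction(){
    # Encrypt $file for recipient $client and write ASCII-armored output to
    # $encrypted_file.
    #
    # Reads globals set by option parsing: client (-c), encrypted_file (-e),
    # file (-f). Returns gpg's exit status.
    #
    # NOTE(review): --trust-model always makes gpg skip key validation, so
    # whichever keyring entry matches $client is used without a trust check.
    # Confirm the keyring holds only keys that were verified out of band.
    #
    # Expansions are quoted so a value containing spaces or glob characters
    # stays a single argument, and "--" keeps a file name that starts with
    # "-" from being parsed as a gpg option.
    gpg --trust-model always --encrypt --armor \
        --output "$encrypted_file" \
        --recipient "$client" \
        -- "$file"
}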
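decryptAction() {
    # Decrypt $encrypted_file into $file, taking the key passphrase from the
    # file /home/rich/secrets/$client.
    #
    # Reads globals set by option parsing: client (-c), encrypted_file (-e),
    # file (-f). Returns 1 without calling gpg when $client is not a plain
    # file name, otherwise gpg's exit status.

    # $client becomes the last component of the passphrase-file path, so an
    # empty value, "." / ".." or anything containing "/" is rejected to keep
    # the lookup inside /home/rich/secrets/.
    case "$client" in
        ''|.|..|*/*)
            echo "Invalid client identifier: $client" >&2
            return 1
            ;;
    esac

    # --no-tty, --batch and loopback pinentry let gpg run unattended and take
    # the passphrase from the file instead of prompting. Expansions are quoted
    # so each value stays a single argument, and "--" ends option parsing
    # before the input file name.
    gpg --no-tty --pinentry-mode=loopback --batch \
        --passphrase-file="/home/rich/secrets/$client" \
        --decrypt --output "$file" \
        -- "$encrypted_file"
}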
# Future: import the client keys here, then remove the import lines from the Dockerfile so that the image does not contain imported keys.
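ImportClientKeys(){
    # Placeholder for importing a client's key inside the running container
    # instead of at image build time. Nothing in this script calls it yet.
    #gpg --no-tty --batch --import $client

    # ':' is a no-op. bash rejects a function body that holds only comments
    # and reports a syntax error at the closing brace, so the placeholder
    # needs at least one command.
    :
}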
# Parse the command line into globals read by the action functions:
#   -a action, -c client, -e encrypted file, -f plain file.
# The leading ':' in the optstring puts getopts in silent mode, so unknown
# options arrive as '?' and missing arguments as ':' and are reported below.
while getopts ":a:c:e:f:" flag; do
    case "$flag" in
        a) action="$OPTARG" ;;
        c) client="$OPTARG" ;;
        e) encrypted_file="$OPTARG" ;;
        f) file="$OPTARG" ;;
        \?)
            echo "Invalid option: -$OPTARG" >&2
            exit 1
            ;;
        :)
            echo "Option -$OPTARG requires an argument." >&2
            exit 1
            ;;
    esac
done
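# Both actions read $client, $encrypted_file and $file, so a missing option is
# rejected here instead of reaching gpg as an absent or empty argument.
if [ -z "$client" ] || [ -z "$encrypted_file" ] || [ -z "$file" ]; then
    echo "Options -c, -e and -f are all required." >&2
    exit 1
fi

# Dispatch on the action selected with -a.
case "$action" in
    encrypt)
        encryptAction
        ;;
    decrypt)
        decryptAction
        ;;
    *)
        # Without this branch a missing or misspelled -a exits 0 without
        # running gpg, which a caller could mistake for a completed
        # encryption or decryption.
        echo "Invalid or missing action (-a): expected 'encrypt' or 'decrypt'." >&2
        exit 1
        ;;
esac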
#base64 /dev/urandom | head -c 1000000 > 1MB-plain.txt | |
#docker build -f "Dockerfile" -t pgp-task-runner:latest "." | |
#docker run -v $(pwd):/home/rich pgp-task-runner -a encrypt -f /home/rich/1MB-plain.txt -e /home/rich/1MB-encrypted -c rich@xyz.com | |
#docker run -v $(pwd):/home/rich pgp-task-runner -a decrypt -f /home/rich/1MB-decrypted.txt -c rich@xyz.com -e /home/rich/1MB-encrypted |
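# syntax=docker/dockerfile:1
# Image for the gpg encrypt/decrypt task runner driven by docker-entrypoint.sh.
#
# NOTE(review): ubuntu:18.04 no longer receives standard security updates.
# Moving to a supported release and pinning it by digest is left to the
# maintainer because it changes the gpg version the script runs against.
FROM ubuntu:18.04

# update + install + list cleanup share one layer so the package index is never
# stale and never shipped. ca-certificates is named explicitly because
# --no-install-recommends would otherwise drop it and break HTTPS for curl/wget.
# NOTE(review): docker-entrypoint.sh only calls gpg; curl, nano and wget can be
# removed if nothing else relies on them.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gnupg2 \
        nano \
        wget \
    && rm -rf /var/lib/apt/lists/*

COPY docker-entrypoint.sh /usr/local/bin/

# Future: move import logic to a running container instead of in the image.
#
# The key files are bind-mounted from the build context for this one RUN
# (requires BuildKit) rather than COPY'd and removed afterwards: a file added
# by COPY stays readable in its own layer even when a later RUN deletes it.
#
# NOTE(review): the imported private key still ends up in the keyring stored in
# the image, so anyone who can pull the image can extract it. No USER is set,
# so that keyring belongs to root and the entrypoint runs as root. Importing at
# container start from a mounted secret removes the key from the image.
RUN --mount=type=bind,source=mypublic.asc,target=/tmp/mypublic.asc \
    --mount=type=bind,source=myprivate.key,target=/tmp/myprivate.key \
    gpg --no-tty --batch --import /tmp/mypublic.asc \
    && gpg --no-tty --batch --import /tmp/myprivate.key

# Arguments given to `docker run` are appended to the entrypoint. The former
# CMD ["$@"] is dropped: exec form performs no shell expansion, so it passed
# the literal string $@ to the script whenever no arguments were supplied.
ENTRYPOINT ["docker-entrypoint.sh"]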