a_secret_demo

ap42:secrets user$ cat test
USERNAME=zerocool
PASSWORD=crash_override

ap42:secrets user$ ./secret.sh test
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

ap42:secrets user$ ls
secret.sh	test.enc

ap42:secrets user$ cat test.enc
U2FsdGVkX181vM9+ukx21/sq9LnRy78bQ7dYu7q71mGukcDAqpJ3v+cUjeWUjqsC
gRpELQfQWTTj6GI5l9PIHA==

ap42:secrets user$ echo $USERNAME $PASSWORD

ap42:secrets user$ source ./secret.sh test.enc
enter aes-256-cbc decryption password:
USERNAME
PASSWORD

ap42:secrets user$ echo $USERNAME $PASSWORD
zerocool crash_override
ap42:secrets user$

secret.sh

#!/usr/bin/env bash
set -euo pipefail

# you need to run this with source ./secret.sh
file=$1

if [[  ${file} =~ \.enc$ ]]; then
	#decrypting
    throw_away=()
	while IFS= read -r line; do
	    throw_away+=( "$line" )
	done < <( openssl aes-256-cbc -d -a -in ${file} )

	for each in "${throw_away[@]}"
	do
	  export $each
	   echo $(echo $each | cut -f1 -d"=")
	done	
  
else 
	openssl aes-256-cbc -a -salt -in ${file} -out ${file}.enc 
	filestats=( $( ls -Lon "${file}" ) ) # to get size
    dd if=/dev/urandom of=${file} bs=${filestats[3]} count=1 &>/dev/null
    rm ${file}

fi