Last active
February 23, 2023 14:16
-
-
Save tuxetuxe/25376def710d281f0cebf4e49ac6f13e to your computer and use it in GitHub Desktop.
A simple bash script that downloads files from an S3 bucket, decrypts them (PGP), encrypts them back with another key and uploads them to another S3 bucket
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# set -x | |
# Utility functions | |
printResultMark() { | |
if [ $? -eq 0 ]; then | |
echo " ✅" | |
else | |
echo " ❌" | |
fi | |
} | |
printHelp() { | |
echo "Parameters:" | |
echo " -s => Source bucket where files are" | |
echo " -d => Destination bucket name where encrypted files should be sent to" | |
echo " -k => Signing key recipient" | |
echo " -e => Show s3cmd output" | |
echo " " | |
echo " All parameters are required" | |
} | |
checkParameter() { | |
if [ -z "$1" ]; then | |
echo "Parameter $2 is required" | |
exit 1 | |
fi | |
} | |
# Check if requirements are available | |
if ! [ -x "$(command -v s3cmd)" ]; then | |
echo "Error: s3cmd is not installed." | |
echo " Check out install instructions here: http://s3tools.org/s3cmd" | |
echo " macOs brew: brew install s3cmd" | |
exit 1 | |
fi | |
if ! [ -x "$(command -v gpg)" ]; then | |
echo "Error: gpg is not installed." | |
echo " Check out install instructions here: https://gpgtools.org" | |
echo " macOs brew: brew install gpg" | |
exit 1 | |
fi | |
# Process arguments | |
OPTIND=1 # Reset in case getopts has been used previously in the shell. | |
EXTENDED_OUTPUT=false | |
while getopts "hes:d:k:" opt; do | |
case "$opt" in | |
h) | |
printHelp | |
exit 0 | |
;; | |
s) SOURCE_BUCKET=$OPTARG | |
;; | |
d) DESTINATION_BUCKET=$OPTARG | |
;; | |
k) SIGNING_KEY=$OPTARG | |
;; | |
e) EXTENDED_OUTPUT=true | |
;; | |
esac | |
done | |
checkParameter "$SOURCE_BUCKET" "-s" | |
checkParameter "$DESTINATION_BUCKET" "-d" | |
checkParameter "$SIGNING_KEY" "-k" | |
LOCAL_FOLDER="`pwd`/`date +%Y%m%d_%H%M%S`" | |
LOCAL_DOWNLOADED_FOLDER="$LOCAL_FOLDER/downloaded" | |
LOCAL_ENCRYPTED_FOLDER="$LOCAL_FOLDER/encrypted" | |
LOCAL_DECRYPTED_FOLDER="$LOCAL_FOLDER/decrypted" | |
echo "Using $LOCAL_FOLDER as local storage" | |
mkdir -p $LOCAL_FOLDER | |
mkdir -p $LOCAL_DOWNLOADED_FOLDER | |
mkdir -p $LOCAL_ENCRYPTED_FOLDER | |
mkdir -p $LOCAL_DECRYPTED_FOLDER | |
cd $LOCAL_FOLDER | |
echo "Downloading files from $SOURCE_BUCKET" | |
s3cmd get --force --no-progress s3://$SOURCE_BUCKET/* $LOCAL_DOWNLOADED_FOLDER | |
echo " Done downloading files 😎" | |
echo | |
echo "Start processing files: " | |
for file in `ls $LOCAL_DOWNLOADED_FOLDER/*` | |
do | |
filename=`basename $file` | |
echo -e " # $file" | |
echo -ne " * Decrypting ... " | |
if [ "$EXTENDED_OUTPUT" = true ]; | |
then | |
echo "" | |
gpg --batch --yes --decrypt -o $LOCAL_DECRYPTED_FOLDER/$filename $file | |
echo "" | |
else | |
gpg --batch --yes --decrypt -o $LOCAL_DECRYPTED_FOLDER/$filename $file > /dev/null 2>&1 | |
printResultMark | |
fi | |
echo -ne " * Encrypting ... " | |
if [ "$EXTENDED_OUTPUT" = true ]; | |
then | |
echo "" | |
gpg --batch --yes --encrypt --recipient $SIGNING_KEY -o $LOCAL_ENCRYPTED_FOLDER/$filename $LOCAL_DECRYPTED_FOLDER/$filename | |
echo "" | |
else | |
gpg --batch --yes --encrypt --recipient $SIGNING_KEY -o $LOCAL_ENCRYPTED_FOLDER/$filename $LOCAL_DECRYPTED_FOLDER/$filename > /dev/null 2>&1 | |
printResultMark | |
fi | |
echo -ne " * Uploading ... " | |
if [ "$EXTENDED_OUTPUT" = true ]; | |
then | |
echo "" | |
s3cmd put --no-progress $LOCAL_ENCRYPTED_FOLDER/$filename s3://$DESTINATION_BUCKET | |
echo "" | |
else | |
s3cmd put --no-progress $LOCAL_ENCRYPTED_FOLDER/$filename s3://$DESTINATION_BUCKET > /dev/null 2>&1 | |
printResultMark | |
fi | |
done | |
echo | |
echo " Done processing files 🍻" | |
cd -- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment