A simple bash script that downloads files from an S3 bucket, decrypts them (PGP), encrypts them back with another key and uploads them to another S3 bucket

s3-download-pgp-decrypt-encrypt-upload.sh

#!/bin/bash
# set -x

# Utility functions
printResultMark() { 
    if [ $? -eq 0 ]; then
        echo "  ✅"
    else
        echo "  ❌"
    fi
}

printHelp() {
    echo "Parameters:"
    echo "  -s => Source bucket where files are"
    echo "  -d => Destination bucket name where encrypted files should be sent to"
    echo "  -k => Signing key recipient"
    echo "  -e => Show s3cmd output"
    echo " "
    echo " All parameters are required"
}

checkParameter() {
    if [ -z "$1" ]; then
        echo "Parameter $2 is required"
        exit 1
    fi
}

# Check if requirements are available
if ! [ -x "$(command -v s3cmd)" ]; then
  echo "Error: s3cmd is not installed."
  echo "  Check out install instructions here: http://s3tools.org/s3cmd"
  echo "  macOs brew: brew install s3cmd"
  exit 1
fi

if ! [ -x "$(command -v gpg)" ]; then
  echo "Error: gpg is not installed."
  echo "  Check out install instructions here: https://gpgtools.org"
  echo "  macOs brew: brew install gpg"
  exit 1
fi


# Process arguments
OPTIND=1         # Reset in case getopts has been used previously in the shell.
EXTENDED_OUTPUT=false
while getopts "hes:d:k:" opt; do
    case "$opt" in
    h)
        printHelp
        exit 0
        ;;
    s)  SOURCE_BUCKET=$OPTARG
        ;;
    d)  DESTINATION_BUCKET=$OPTARG
        ;;
    k)  SIGNING_KEY=$OPTARG
        ;;
    e)  EXTENDED_OUTPUT=true
        ;;
    esac
done

checkParameter "$SOURCE_BUCKET" "-s"
checkParameter "$DESTINATION_BUCKET" "-d"
checkParameter "$SIGNING_KEY" "-k"

LOCAL_FOLDER="`pwd`/`date +%Y%m%d_%H%M%S`"
LOCAL_DOWNLOADED_FOLDER="$LOCAL_FOLDER/downloaded"
LOCAL_ENCRYPTED_FOLDER="$LOCAL_FOLDER/encrypted"
LOCAL_DECRYPTED_FOLDER="$LOCAL_FOLDER/decrypted"

echo "Using $LOCAL_FOLDER as local storage"

mkdir -p $LOCAL_FOLDER
mkdir -p $LOCAL_DOWNLOADED_FOLDER
mkdir -p $LOCAL_ENCRYPTED_FOLDER
mkdir -p $LOCAL_DECRYPTED_FOLDER

cd $LOCAL_FOLDER

echo "Downloading files from $SOURCE_BUCKET"
s3cmd get --force --no-progress s3://$SOURCE_BUCKET/* $LOCAL_DOWNLOADED_FOLDER

echo "  Done downloading files 😎"

echo 
echo "Start processing files: "
for file in `ls $LOCAL_DOWNLOADED_FOLDER/*`
do
    filename=`basename $file`
    echo -e "  # $file"
    echo -ne "    * Decrypting ... "

    if [ "$EXTENDED_OUTPUT" = true ];
    then
        echo ""
        gpg --batch --yes --decrypt -o $LOCAL_DECRYPTED_FOLDER/$filename $file
        echo ""
    else
        gpg --batch --yes --decrypt -o $LOCAL_DECRYPTED_FOLDER/$filename $file > /dev/null 2>&1
        printResultMark
    fi
    
    echo -ne "    * Encrypting ... "
    if [ "$EXTENDED_OUTPUT" = true ];
    then
        echo ""
        gpg --batch --yes --encrypt --recipient $SIGNING_KEY -o $LOCAL_ENCRYPTED_FOLDER/$filename $LOCAL_DECRYPTED_FOLDER/$filename
        echo ""
    else
        gpg --batch --yes --encrypt --recipient $SIGNING_KEY -o $LOCAL_ENCRYPTED_FOLDER/$filename $LOCAL_DECRYPTED_FOLDER/$filename > /dev/null 2>&1
        printResultMark
    fi

    echo -ne "    * Uploading  ...  "
    if [ "$EXTENDED_OUTPUT" = true ];
    then
        echo ""
        s3cmd put --no-progress $LOCAL_ENCRYPTED_FOLDER/$filename s3://$DESTINATION_BUCKET
        echo ""
    else
        s3cmd put --no-progress $LOCAL_ENCRYPTED_FOLDER/$filename s3://$DESTINATION_BUCKET > /dev/null 2>&1
        printResultMark
    fi

done

echo 
echo "  Done processing files 🍻"

cd --