add documented decrypt script
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline was successful

2025-01-29 17:24:28 +01:00
parent 118baa38f8
commit b6904e4ed2
2 changed files with 23 additions and 0 deletions

21
decrypt-secrets.sh Executable file

@ -0,0 +1,21 @@
#!/bin/bash
#
# Set the environment variable GPG_PASSPHRASE
# Pipe the encrypted data and
# - redirect the output into the destination file or
# - directly eval the output, in this case make sure ONLY variable definitions are in the file
#
# The second option would be
# eval "`cat secrets.asc | ./decrypt-secrets.sh`"
#
# To create the encrypted file use
# gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
# Make sure to use a good passphrase, make sure to store the passphrase safely.
#
# Adding the encrypted file secrets.asc to a source code repository is secure.
#
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -
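
Review bot: On the final `gpg --decrypt` line, `--passphrase $GPG_PASSPHRASE` places the secret in gpg's argument list, where other local users can typically read it from the process table, and the unquoted expansion word-splits or globs a passphrase that contains spaces or wildcard characters. Since stdin already carries the ciphertext, hand the passphrase over on a separate descriptor, for example `--passphrase-fd 3 3<<<"$GPG_PASSPHRASE"`, and add `--pinentry-mode loopback`, which the GnuPG manual requires for the passphrase options from version 2.1 on. Two smaller points in the same hunk: `--homedir /tmp/.gnupg` is a fixed path in a world-writable directory, so a directory created with `mktemp -d` and removed on exit would be safer; and the header's `eval` usage executes whatever the decrypted file contains, so the comment should state that anyone who can produce a file under that passphrase can run commands in the calling shell.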