45 lines
898 B
Bash
Raw Permalink Normal View History

2023-12-19 11:43:29 +01:00
#!/bin/bash
if [ "$ENCRYPTION_KEY" = "" ]; then
echo "ENCRYPTION_KEY not set"
exit 1
fi
if [ "$MD5_CHECKSUM" = "" ]; then
echo "No checksum given"
exit 1
fi
2025-01-09 14:49:15 +01:00
2023-12-19 11:43:29 +01:00
SECRETS_CIPHERTEXT_FILE=secrets.enc
2023-12-19 12:11:41 +01:00
SECRETS_PLAINTEXT_FILE=/tmp/secrets
2023-12-19 11:43:29 +01:00
TMP_FILE=`mktemp`
POD_NAME_SUFFIX=`date +%s`
cat $SECRETS_CIPHERTEXT_FILE | \
kubectl run openssl-$POD_NAME_SUFFIX \
--rm \
--image bitnami/debian-base-buildpack:latest \
--env KEY=$ENCRYPTION_KEY \
-i \
-q \
-- \
/bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a -d" > \
$TMP_FILE
if [ `uname` = "Darwin" ]; then
CALCULATED_CHECKSUM=`cat $TMP_FILE | md5`
elif [ `uname` = "Linux" ]; then
CALCULATED_CHECKSUM=`cat $TMP_FILE | md5sum - | awk '{print $1}'`
fi
if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then
echo "Invalid checksum"
exit 1
fi
2025-01-09 16:18:53 +01:00
#cat $TMP_FILE
2023-12-19 12:11:41 +01:00
mv $TMP_FILE $SECRETS_PLAINTEXT_FILE
2023-12-19 11:43:29 +01:00