2023-12-19 11:43:29 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
if [ "$ENCRYPTION_KEY" = "" ]; then
|
|
|
|
|
echo "ENCRYPTION_KEY not set"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "$MD5_CHECKSUM" = "" ]; then
|
|
|
|
|
echo "No checksum given"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2025-01-09 14:49:15 +01:00
|
|
|
|
2023-12-19 11:43:29 +01:00
|
|
|
SECRETS_CIPHERTEXT_FILE=secrets.enc
|
2023-12-19 12:11:41 +01:00
|
|
|
SECRETS_PLAINTEXT_FILE=/tmp/secrets
|
2023-12-19 11:43:29 +01:00
|
|
|
TMP_FILE=`mktemp`
|
|
|
|
|
POD_NAME_SUFFIX=`date +%s`
|
|
|
|
|
|
|
|
|
|
cat $SECRETS_CIPHERTEXT_FILE | \
|
|
|
|
|
kubectl run openssl-$POD_NAME_SUFFIX \
|
|
|
|
|
--rm \
|
|
|
|
|
--image bitnami/debian-base-buildpack:latest \
|
|
|
|
|
--env KEY=$ENCRYPTION_KEY \
|
|
|
|
|
-i \
|
|
|
|
|
-q \
|
|
|
|
|
-- \
|
|
|
|
|
/bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a -d" > \
|
|
|
|
|
$TMP_FILE
|
|
|
|
|
|
|
|
|
|
if [ `uname` = "Darwin" ]; then
|
|
|
|
|
CALCULATED_CHECKSUM=`cat $TMP_FILE | md5`
|
|
|
|
|
elif [ `uname` = "Linux" ]; then
|
|
|
|
|
CALCULATED_CHECKSUM=`cat $TMP_FILE | md5sum - | awk '{print $1}'`
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then
|
|
|
|
|
echo "Invalid checksum"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2025-01-09 16:18:53 +01:00
|
|
|
#cat $TMP_FILE
|
2023-12-19 12:11:41 +01:00
|
|
|
mv $TMP_FILE $SECRETS_PLAINTEXT_FILE
|
2023-12-19 11:43:29 +01:00
|
|
|
|
|
|
|
|
|
