universal-data-ingest/deployment/encrypt-secrets.sh

#!/bin/bash

ENCRYPTION_KEY=`openssl rand -hex 32`
echo $ENCRYPTION_KEY

SECRETS_PLAINTEXT_FILE=secrets.txt
SECRETS_CIPHERTEXT_FILE=secrets.enc

if [ `uname` = "Darwin" ]; then
  cat $SECRETS_PLAINTEXT_FILE | md5
elif [ `uname` = "Linux" ]; then
  cat $SECRETS_PLAINTEXT_FILE | md5sum - | awk '{print $1}'
fi

POD_NAME_SUFFIX=`date +%s`

cat $SECRETS_PLAINTEXT_FILE | \
  kubectl run openssl-$POD_NAME_SUFFIX \
    --rm \
    --image bitnami/debian-base-buildpack:latest \
    --env KEY=$ENCRYPTION_KEY \
    -i \
    -q \
    -- \
    /bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a" > \
    $SECRETS_CIPHERTEXT_FILE
secrets handling 2023-12-19 11:43:29 +01:00			`#!/bin/bash`

add decoder for lsn50 3-way 2024-02-09 13:38:55 +01:00			ENCRYPTION_KEY=`openssl rand -hex 32`
			`echo $ENCRYPTION_KEY`
secrets handling 2023-12-19 11:43:29 +01:00
			`SECRETS_PLAINTEXT_FILE=secrets.txt`
			`SECRETS_CIPHERTEXT_FILE=secrets.enc`

			if [ `uname` = "Darwin" ]; then
			`cat $SECRETS_PLAINTEXT_FILE \| md5`
			elif [ `uname` = "Linux" ]; then
			`cat $SECRETS_PLAINTEXT_FILE \| md5sum - \| awk '{print $1}'`
			`fi`

			POD_NAME_SUFFIX=`date +%s`

			`cat $SECRETS_PLAINTEXT_FILE \| \`
			`kubectl run openssl-$POD_NAME_SUFFIX \`
			`--rm \`
			`--image bitnami/debian-base-buildpack:latest \`
			`--env KEY=$ENCRYPTION_KEY \`
			`-i \`
			`-q \`
			`-- \`
			`/bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a" > \`
			`$SECRETS_CIPHERTEXT_FILE`