#!/bin/bash if [ "$ENCRYPTION_KEY" = "" ]; then echo "ENCRYPTION_KEY not set" exit 1 fi if [ "$MD5_CHECKSUM" = "" ]; then echo "No checksum given" exit 1 fi SECRETS_CIPHERTEXT_FILE=secrets.enc SECRETS_PLAINTEXT_FILE=/tmp/secrets TMP_FILE=`mktemp` POD_NAME_SUFFIX=`date +%s` cat $SECRETS_CIPHERTEXT_FILE | \ kubectl run openssl-$POD_NAME_SUFFIX \ --rm \ --image bitnami/debian-base-buildpack:latest \ --env KEY=$ENCRYPTION_KEY \ -i \ -q \ -- \ /bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a -d" > \ $TMP_FILE if [ `uname` = "Darwin" ]; then CALCULATED_CHECKSUM=`cat $TMP_FILE | md5` elif [ `uname` = "Linux" ]; then CALCULATED_CHECKSUM=`cat $TMP_FILE | md5sum - | awk '{print $1}'` fi if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then echo "Invalid checksum" exit 1 fi #cat $TMP_FILE mv $TMP_FILE $SECRETS_PLAINTEXT_FILE