#!/bin/bash

if [ "$ENCRYPTION_KEY" = "" ]; then
  echo "ENCRYPTION_KEY not set"
  exit 1
fi

SECRETS_PLAINTEXT_FILE=secrets.txt
SECRETS_CIPHERTEXT_FILE=secrets.enc

if [ `uname` = "Darwin" ]; then
  cat $SECRETS_PLAINTEXT_FILE | md5
elif [ `uname` = "Linux" ]; then
  cat $SECRETS_PLAINTEXT_FILE | md5sum - | awk '{print $1}'
fi

POD_NAME_SUFFIX=`date +%s`

cat $SECRETS_PLAINTEXT_FILE | \
  kubectl run openssl-$POD_NAME_SUFFIX \
    --rm \
    --image bitnami/debian-base-buildpack:latest \
    --env KEY=$ENCRYPTION_KEY \
    -i \
    -q \
    -- \
    /bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a" > \
    $SECRETS_CIPHERTEXT_FILE