woodpecker-helper/decrypt-secrets.sh

#!/bin/bash

#
# Set the environment variable GPG_PASSPHRASE
# Pipe the encrypted data and 
#   - redirect the output into the destination file or
#   - directly eval the output, in this case make sure ONLY variable definitions are in the file
#
# The second option would be
#   eval "`cat secrets.asc | ./decrypt-secrets.sh`"
#
# To create the encrypted file use
#   gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
# Make sure to use a good passphrase, make sure to store the passphrase safely.
#
# Adding the encrypted file secrets.asc to a source code repository is secure.
#


gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -
add documented decrypt script 2025-01-29 17:24:28 +01:00			`#!/bin/bash`

			`#`
			`# Set the environment variable GPG_PASSPHRASE`
			`# Pipe the encrypted data and`
			`# - redirect the output into the destination file or`
			`# - directly eval the output, in this case make sure ONLY variable definitions are in the file`
			`#`
			`# The second option would be`
			# eval "`cat secrets.asc \| ./decrypt-secrets.sh`"
			`#`
			`# To create the encrypted file use`
			`# gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt`
			`# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.`
			`# Make sure to use a good passphrase, make sure to store the passphrase safely.`
			`#`
			`# Adding the encrypted file secrets.asc to a source code repository is secure.`
			`#`


			`gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -`