woodpecker-helper/decrypt-secrets.sh

22 lines
788 B
Bash
Raw Normal View History

2025-01-29 17:24:28 +01:00
#!/bin/bash
#
# Set the environment variable GPG_PASSPHRASE
# Pipe the encrypted data and
# - redirect the output into the destination file or
# - directly eval the output, in this case make sure ONLY variable definitions are in the file
#
# The second option would be
# eval "`cat secrets.asc | ./decrypt-secrets.sh`"
#
# To create the encrypted file use
# gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
# Make sure to use a good passphrase, make sure to store the passphrase safely.
#
# Adding the encrypted file secrets.asc to a source code repository is secure.
#
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -