wn/woodpecker-helper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add documented decrypt script
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/tag/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Wolfgang Hottgenroth 2025-01-29 17:24:28 +01:00
parent 118baa38f8
commit b6904e4ed2
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -6,6 +6,8 @@ RUN apk add --no-cache kubectl gpg gpg-agent bash && \
addgroup $USER && \ addgroup $USER && \
adduser -G $USER -D $USER adduser -G $USER -D $USER
COPY decrypt-secrets.sh /usr/local/bin/
USER $USER USER $USER
WORKDIR /home/$USER WORKDIR /home/$USER

21
decrypt-secrets.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
#
# Set the environment variable GPG_PASSPHRASE
# Pipe the encrypted data and
# - redirect the output into the destination file or
# - directly eval the output, in this case make sure ONLY variable definitions are in the file
#
# The second option would be
# eval "`cat secrets.asc | ./decrypt-secrets.sh`"
#
# To create the encrypted file use
# gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
# Make sure to use a good passphrase, make sure to store the passphrase safely.
#
# Adding the encrypted file secrets.asc to a source code repository is secure.
#
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -