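#!/bin/bash
#
# Decrypt symmetrically encrypted GnuPG data from stdin and write the
# cleartext to stdout.
#
# Set the environment variable GPG_PASSPHRASE
# Pipe the encrypted data and
# - redirect the output into the destination file or
# - directly eval the output, in this case make sure ONLY variable
#   definitions are in the file
#
# eval runs whatever the decrypted file contains, so anyone who knows the
# passphrase and can replace secrets.asc can run commands in the calling
# shell. Check the exit status before eval; a failed decryption would
# otherwise evaluate an empty string without any error:
#   secrets="$(./decrypt-secrets.sh < secrets.asc)" || exit 1
#   eval "$secrets"
#
# To create the encrypted file use
#   gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
# where secrets.txt is the cleartext file and secrets.asc will be the
# encrypted file.
# Make sure to use a good passphrase, make sure to store the passphrase safely.
#
# Once secrets.asc is committed to a source code repository, its
# confidentiality rests entirely on the passphrase: every reader of the
# repository can try to guess it offline, and old revisions stay in the
# history. If the passphrase leaks, rotate the secrets themselves, not only
# the passphrase.
#

set -euo pipefail

# Fail early with a clear message instead of running gpg with an empty
# passphrase.
: "${GPG_PASSPHRASE:?GPG_PASSPHRASE must be set}"

# Private, unpredictable GnuPG home. A fixed path such as /tmp/.gnupg can be
# created in advance by another local user, who would then control the
# configuration files gpg reads from it. Symmetric decryption needs no
# keyring, so an empty directory that is removed on exit is enough.
gnupg_home="$(mktemp -d)"
cleanup() { rm -rf -- "${gnupg_home:?}"; }
trap cleanup EXIT

gpg_opts=(--batch --yes --homedir "$gnupg_home" --passphrase-fd 3 --output -)

# GnuPG 2.1 and later only honour a passphrase supplied by the caller in
# loopback pinentry mode; older releases do not know the option, so probe
# for it rather than passing it unconditionally.
if gpg --homedir "$gnupg_home" --pinentry-mode loopback --version >/dev/null 2>&1; then
  gpg_opts+=(--pinentry-mode loopback)
fi

# The passphrase is handed over on file descriptor 3 instead of the command
# line, where it would be visible in the process list and subject to word
# splitting. stdin stays free for the encrypted data. gpg reads only the
# first line from the descriptor.
gpg "${gpg_opts[@]}" --decrypt 3< <(printf '%s\n' "$GPG_PASSPHRASE")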