#!/bin/bash

#
# Set the environment variable GPG_PASSPHRASE
# Pipe the encrypted data and 
#   - redirect the output into the destination file or
#   - directly eval the output, in this case make sure ONLY variable definitions are in the file
#
# The second option would be
#   eval "`cat secrets.asc | ./decrypt-secrets.sh`"
#
# To create the encrypted file use
#   gpg --symmetric --cipher-algo AES256 --armor --output secrets.asc secrets.txt
# where secrets.txt is the cleartext file and secrets.asc will be the encrypted file.
# Make sure to use a good passphrase, make sure to store the passphrase safely.
#
# Adding the encrypted file secrets.asc to a source code repository is secure.
#


gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output -