Created
December 27, 2024 09:30
-
-
Save OhadRubin/a405f3ac8df4de511b9cf9668d8c91dc to your computer and use it in GitHub Desktop.
create_enc_script.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # create_enc_script.sh - Creates an encrypted script containing API keys and uploads to GitHub Gist | |
| # Usage: bash create_enc_script.sh --path_to_dot_env_file .my_tmp --password your_password --github_token $GITHUB_ACCESS_TOKEN | |
| # Function to show usage | |
| show_usage() { | |
| echo "Usage: $0 --path_to_dot_env_file <path> --password <password> --github_token <token>" | |
| exit 1 | |
| } | |
| # Parse command line arguments | |
| while [[ $# -gt 0 ]]; do | |
| case $1 in | |
| --path_to_dot_env_file) | |
| ENV_FILE="$2" | |
| shift 2 | |
| ;; | |
| --password) | |
| PASSWORD="$2" | |
| shift 2 | |
| ;; | |
| --github_token) | |
| GITHUB_TOKEN="$2" | |
| shift 2 | |
| ;; | |
| *) | |
| show_usage | |
| ;; | |
| esac | |
| done | |
| # Validate inputs | |
| if [[ -z "$ENV_FILE" || -z "$PASSWORD" || -z "$GITHUB_TOKEN" ]]; then | |
| show_usage | |
| fi | |
| if [[ ! -f "$ENV_FILE" ]]; then | |
| echo "Error: .env file not found at $ENV_FILE" | |
| exit 1 | |
| fi | |
| echo "ENV_FILE: $ENV_FILE" | |
| echo "PASSWORD: $PASSWORD" | |
| ENCRYPTED=$(cat "$ENV_FILE" | openssl enc -aes-256-cbc -md sha512 -a -salt -pass pass:"$PASSWORD" -pbkdf2 | base64) | |
| cat > load_api_keys.sh << EOL | |
| #!/bin/bash | |
| if [[ \$# -ne 1 ]]; then | |
| echo "Usage: \$0 <password>" | |
| exit 1 | |
| fi | |
| ENCRYPTED_B64='${ENCRYPTED}' | |
| PASSWORD="\$1" | |
| # Decode base64 and decrypt | |
| DECRYPTED=\$(echo "\$ENCRYPTED_B64" | base64 -d | openssl enc -aes-256-cbc -md sha512 -a -d -pass pass:"\$PASSWORD" -pbkdf2 2>/dev/null) | |
| if [[ \$? -ne 0 ]]; then | |
| echo "Error: Decryption failed. Invalid password." | |
| exit 1 | |
| fi | |
| echo "\$DECRYPTED" | |
| EOL | |
| chmod +x load_api_keys.sh | |
| # Escape the script content for JSON | |
| SCRIPT_CONTENT=$(cat load_api_keys.sh) | |
| JSON_PAYLOAD=$(cat << EOF | |
| { | |
| "description": "Encrypted Environment Variables Loader", | |
| "public": false, | |
| "files": { | |
| "load_api_keys.sh": { | |
| "content": $(echo "$SCRIPT_CONTENT" | jq -Rs .) | |
| } | |
| } | |
| } | |
| EOF | |
| ) | |
| RESPONSE=$(curl -s -X POST \ | |
| -H "Authorization: token $GITHUB_TOKEN" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/gists \ | |
| -d "$JSON_PAYLOAD") | |
| GIST_URL=$(echo "$RESPONSE" | jq -r '.files."load_api_keys.sh".raw_url') | |
| if [[ -z "$GIST_URL" || "$GIST_URL" == "null" ]]; then | |
| echo "Error: Failed to upload Gist. Response:" | |
| echo "$RESPONSE" | |
| exit 1 | |
| fi | |
| # echo $SCRIPT_CONTENT | |
| echo "Script created successfully and uploaded to GitHub Gist" | |
| echo "Raw URL: $GIST_URL" | |
| echo "To use it, run: wget -qO- $GIST_URL | bash -s -- <password>" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment