@eruffaldi
Last active February 4, 2025 11:32
Encrypted environment variable files. Run make_secret.sh example.env to obtain example.env_decrypt.env, then source that file to decrypt and evaluate it. An example is provided.

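#!/bin/bash
# Simple env encrypt
# Emanuele Ruffaldi 2025

# Check if a filename is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <filename>"
    exit 1
fi

INPUT_FILENAME="$1"
OUTPUT_FILENAME="${INPUT_FILENAME}_decrypt.env"

# Check if the input file exists
if [ ! -f "$INPUT_FILENAME" ]; then
    echo "Error: File '$INPUT_FILENAME' does not exist."
    exit 1
fi

# Start the generated file: open the heredoc that will hold the ciphertext
cat >"$OUTPUT_FILENAME" <<'EOM'
ENCRYPTED_DATA=$(cat <<'EOF'
EOM

# Encrypt the input file (openssl prompts for the password). The ciphertext is
# base64-encoded twice (-a, then base64); the generated file undoes both layers.
# pipefail makes an openssl failure visible instead of only base64's exit status.
set -o pipefail
if ! openssl aes-256-cbc -a -salt -pbkdf2 -in "$INPUT_FILENAME" | base64 >>"$OUTPUT_FILENAME"; then
    echo "Encryption failed. Please check your input and encryption settings." >&2
    rm -f "$OUTPUT_FILENAME"
    exit 1
fi

# Append the decryption stub. The generated file is meant to be sourced, so on
# failure it uses 'return' (falling back to 'exit' when executed directly) so
# that a wrong password does not close the calling shell.
# The stub evals the decrypted text: the input file must contain only shell
# assignments you trust, and aes-256-cbc does not authenticate the ciphertext.
cat >>"$OUTPUT_FILENAME" <<'EOM'
EOF
)
DECRYPTED_DATA=$(echo "$ENCRYPTED_DATA" | base64 -d | openssl aes-256-cbc -d -a -salt -pbkdf2)
if [ $? -eq 0 ]; then
    eval "$DECRYPTED_DATA"
else
    echo "Decryption failed" >&2
    return 1 2>/dev/null || exit 1
fi
EOM

# Check if the creation was successful
if [ $? -eq 0 ]; then
    echo "Decryption file written to '$OUTPUT_FILENAME'."
else
    echo "Error: could not write '$OUTPUT_FILENAME'." >&2
    exit 1
fi
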
MYUSER=me
MYPASS=pass
# use password "Be"
# Creation:
# ./makesecret.sh test_example.env
# Evaluation:
# source test_example.env_decrypt.env

ENCRYPTED_DATA=$(cat <<'EOF'
VTJGc2RHVmtYMTlMZHpmQnUrTWMyNkhWL1dwNkdKUFdRdWpHTDBVMlBOODFWVmJ1cmg4RHBJQ0Jx
TGNsMFZvRQo=
EOF
)
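DECRYPTED_DATA=$(echo "$ENCRYPTED_DATA" | base64 -d | openssl aes-256-cbc -d -a -salt -pbkdf2)
if [ $? -eq 0 ]; then
    eval "$DECRYPTED_DATA"
else
    echo "Decryption failed" >&2
    # This file is sourced: 'return' keeps the calling shell open ('exit' only if executed directly)
    return 1 2>/dev/null || exit 1
fi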
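
The generated file hands the decrypted text to eval, so anything that decrypts is run by the shell, not only assignments, and aes-256-cbc does not authenticate the ciphertext. As an added example (not part of the gist), the loader below accepts only NAME=value lines and keeps values literal. The function names env_line_ok and load_env_text are hypothetical, and the sample text is constructed.

```sh
# Added example: load decrypted NAME=value text without eval.
# env_line_ok and load_env_text are hypothetical names, not part of the gist.

# Return 0 if $1 is blank, a comment, or NAME=value with a valid identifier.
env_line_ok() {
    case "$1" in
        ''|'#'*) return 0 ;;
        *=*) ;;
        *) return 1 ;;
    esac
    case "${1%%=*}" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Export every NAME=value line of the text in $1; values stay literal.
# Pass 1 validates all lines so a bad file loads nothing; pass 2 exports.
load_env_text() {
    local line n=0
    while IFS= read -r line; do
        n=$((n + 1))
        if ! env_line_ok "$line"; then
            # Report only the line number: the content may be a secret.
            echo "load_env_text: line $n is not NAME=value, nothing loaded" >&2
            return 1
        fi
    done <<EOF
$1
EOF
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        export "${line%%=*}=${line#*=}"
    done <<EOF
$1
EOF
}

# Constructed sample standing in for the decrypted text.
SAMPLE='MYUSER=me
MYPASS=p$(echo x)ss'
load_env_text "$SAMPLE" && echo "MYPASS=$MYPASS"
```

In the generated file this would be called as load_env_text "$DECRYPTED_DATA" in place of eval "$DECRYPTED_DATA". Unlike eval, it keeps surrounding quotes in a value such as A="b" as part of the value.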