Matthew McKinnon
a56fca6a14
All checks were successful
Deploy / Prepare Build (push) Successful in 1m33s
49 lines
1.4 KiB
Bash
Executable File
49 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# If number of arguments is 0
|
|
if [ $# -eq 0 ]
|
|
then
|
|
echo "This script will encrypt of decrypt all files containing secrets."
|
|
echo "There are all files in vars as well as all secrets.yaml files under each service."
|
|
echo "Specify 'decrypt' or 'encrypt' as argument"
|
|
echo "If you put the vault password in a password file named .vault_password, the script will not ask for a password."
|
|
exit 1
|
|
fi
|
|
|
|
#files=`find . \( -type d -name 'group_vars' -o -name 'vars' \) -exec find {} -type f \;`
|
|
files=(
|
|
"./group_vars/all.yml"
|
|
"./roles/docker/vars/main.yml"
|
|
"./roles/traefik/vars/main.yml"
|
|
"./scripts/rclone.conf"
|
|
)
|
|
|
|
# password_type=--ask-vault-password
|
|
# if [ -f "~/.vault_password.txt" ]
|
|
# then
|
|
# if [ `stat -c %a ~/.vault_password.txt` != "600" ]
|
|
# then
|
|
# echo "~/.vault_password.txt file has bad permissions; fixing this to 600"
|
|
# chmod 600 ~/.vault_password.txt
|
|
# fi
|
|
# password_type="--vault-password-file=~/.vault_password.txt"
|
|
# fi
|
|
|
|
if [ $1 == "encrypt" ]
|
|
then
|
|
for file in "${files[@]}"; do
|
|
echo "$file encrypted"
|
|
ansible-vault encrypt --vault-password-file=~/.vault_password "$file"
|
|
echo $value;
|
|
done
|
|
|
|
elif [ $1 == "decrypt" ]
|
|
then
|
|
for file in "${files[@]}"; do
|
|
echo "$file decrypted"
|
|
ansible-vault decrypt --vault-password-file=~/.vault_password "$file"
|
|
done
|
|
else
|
|
echo "Wrong argument supplied. Run without arguments to see allowed ones."
|
|
fi
|