| #!/usr/bin/env python3 |
| |
| # A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable. |
| |
| import sys |
| import subprocess |
| |
| keys = [ |
| "63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k |
| "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf |
| "F07205946C07EEB2041A72FBC60C64879534F768", # cz2 |
| "0879F9FCA1C836677BB808C870FD60197E195C26", # implr |
| ] |
| |
| def encrypt(src, dst): |
| cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst] |
| for k in keys: |
| cmd.append('--recipient') |
| cmd.append(k) |
| cmd.append(src) |
| subprocess.check_call(cmd) |
| |
| def decrypt(src, dst): |
| cmd = ['gpg', '--decrypt', '--output', dst, src] |
| subprocess.check_call(cmd) |
| |
| def main(): |
| if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'): |
| sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0])) |
| sys.stderr.flush() |
| return 1 |
| |
| action = sys.argv[1] |
| src = sys.argv[2] |
| |
| if action == 'encrypt': |
| encrypt(src, '-') |
| else: |
| decrypt(src, '-') |
| |
| if __name__ == '__main__': |
| sys.exit(main() or 0) |