Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / a9c7e86687d7a74c0ca0d893820633df68d134ee / . / tools / secretstore.py
blob: 1d18142b91e672390c6435dfc9275864769d5204 [file] [log] [blame]
Serge Bazanskia5be0d82018-12-23 01:35:07 +0100[diff] [blame]1#!/usr/bin/env python3
2
3# A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable.
4
5import sys
6import subprocess
7
8keys = [
Sergiusz Bazanski711c4a92019-01-13 00:02:10 +0100[diff] [blame]9 "63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k
10 "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf
Sergiusz Bazanski41bd2b52019-01-17 23:37:36 +0100[diff] [blame]11 "F07205946C07EEB2041A72FBC60C64879534F768", # cz2
12 "0879F9FCA1C836677BB808C870FD60197E195C26", # implr
Serge Bazanskia5be0d82018-12-23 01:35:07 +0100[diff] [blame]13]
14
Sergiusz Bazanskide061802019-01-13 21:14:02 +0100[diff] [blame]15def encrypt(src, dst):
16 cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst]
17 for k in keys:
18 cmd.append('--recipient')
19 cmd.append(k)
20 cmd.append(src)
21 subprocess.check_call(cmd)
22
23def decrypt(src, dst):
24 cmd = ['gpg', '--decrypt', '--output', dst, src]
25 subprocess.check_call(cmd)
26
Serge Bazanskia5be0d82018-12-23 01:35:07 +0100[diff] [blame]27def main():
28 if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'):
Sergiusz Bazanskif2a812b2019-01-13 17:51:34 +0100[diff] [blame]29 sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0]))
30 sys.stderr.flush()
31 return 1
Serge Bazanskia5be0d82018-12-23 01:35:07 +0100[diff] [blame]32
33 action = sys.argv[1]
34 src = sys.argv[2]
35
36 if action == 'encrypt':
Sergiusz Bazanskide061802019-01-13 21:14:02 +0100[diff] [blame]37 encrypt(src, '-')
Serge Bazanskia5be0d82018-12-23 01:35:07 +0100[diff] [blame]38 else:
Sergiusz Bazanskide061802019-01-13 21:14:02 +0100[diff] [blame]39 decrypt(src, '-')
Serge Bazanskia5be0d82018-12-23 01:35:07 +0100[diff] [blame]40
41if __name__ == '__main__':
42 sys.exit(main() or 0)