Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame] | 1 | #!/usr/bin/env python3 |
| 2 | |
| 3 | # A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable. |
| 4 | |
| 5 | import sys |
| 6 | import subprocess |
| 7 | |
| 8 | keys = [ |
Sergiusz Bazanski | 711c4a9 | 2019-01-13 00:02:10 +0100 | [diff] [blame] | 9 | "63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k |
| 10 | "482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf |
Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame] | 11 | ] |
| 12 | |
Sergiusz Bazanski | de06180 | 2019-01-13 21:14:02 +0100 | [diff] [blame] | 13 | def encrypt(src, dst): |
| 14 | cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst] |
| 15 | for k in keys: |
| 16 | cmd.append('--recipient') |
| 17 | cmd.append(k) |
| 18 | cmd.append(src) |
| 19 | subprocess.check_call(cmd) |
| 20 | |
| 21 | def decrypt(src, dst): |
| 22 | cmd = ['gpg', '--decrypt', '--output', dst, src] |
| 23 | subprocess.check_call(cmd) |
| 24 | |
Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame] | 25 | def main(): |
| 26 | if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'): |
Sergiusz Bazanski | f2a812b | 2019-01-13 17:51:34 +0100 | [diff] [blame] | 27 | sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0])) |
| 28 | sys.stderr.flush() |
| 29 | return 1 |
Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame] | 30 | |
| 31 | action = sys.argv[1] |
| 32 | src = sys.argv[2] |
| 33 | |
| 34 | if action == 'encrypt': |
Sergiusz Bazanski | de06180 | 2019-01-13 21:14:02 +0100 | [diff] [blame] | 35 | encrypt(src, '-') |
Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame] | 36 | else: |
Sergiusz Bazanski | de06180 | 2019-01-13 21:14:02 +0100 | [diff] [blame] | 37 | decrypt(src, '-') |
Serge Bazanski | a5be0d8 | 2018-12-23 01:35:07 +0100 | [diff] [blame] | 38 | |
| 39 | if __name__ == '__main__': |
| 40 | sys.exit(main() or 0) |