2018-12-23 00:35:07 +00:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
|
|
|
|
|
|
# A little tool to encrypt/decrypt git secrets. Kinda like password-store, but more purpose specific and portable.
|
|
|
|
|
|
|
|
|
|
import sys
|
|
|
|
|
import subprocess
|
|
|
|
|
|
|
|
|
|
keys = [
|
2019-01-12 23:02:10 +00:00
|
|
|
"63DFE737F078657CC8A51C00C29ADD73B3563D82", # q3k
|
|
|
|
|
"482FF104C29294AD1CAF827BA43890A3DE74ECC7", # inf
|
2019-01-17 22:37:36 +00:00
|
|
|
"F07205946C07EEB2041A72FBC60C64879534F768", # cz2
|
|
|
|
|
"0879F9FCA1C836677BB808C870FD60197E195C26", # implr
|
2018-12-23 00:35:07 +00:00
|
|
|
]
|
|
|
|
|
|
2019-01-13 20:14:02 +00:00
|
|
|
def encrypt(src, dst):
|
|
|
|
|
cmd = ['gpg' , '--encrypt', '--armor', '--batch', '--yes', '--output', dst]
|
|
|
|
|
for k in keys:
|
|
|
|
|
cmd.append('--recipient')
|
|
|
|
|
cmd.append(k)
|
|
|
|
|
cmd.append(src)
|
|
|
|
|
subprocess.check_call(cmd)
|
|
|
|
|
|
|
|
|
|
def decrypt(src, dst):
|
|
|
|
|
cmd = ['gpg', '--decrypt', '--output', dst, src]
|
|
|
|
|
subprocess.check_call(cmd)
|
|
|
|
|
|
2018-12-23 00:35:07 +00:00
|
|
|
def main():
|
|
|
|
|
if len(sys.argv) < 3 or sys.argv[1] not in ('encrypt', 'decrypt'):
|
2019-01-13 16:51:34 +00:00
|
|
|
sys.stderr.write("Usage: {} encrypt/decrypt file\n".format(sys.argv[0]))
|
|
|
|
|
sys.stderr.flush()
|
|
|
|
|
return 1
|
2018-12-23 00:35:07 +00:00
|
|
|
|
|
|
|
|
action = sys.argv[1]
|
|
|
|
|
src = sys.argv[2]
|
|
|
|
|
|
|
|
|
|
if action == 'encrypt':
|
2019-01-13 20:14:02 +00:00
|
|
|
encrypt(src, '-')
|
2018-12-23 00:35:07 +00:00
|
|
|
else:
|
2019-01-13 20:14:02 +00:00
|
|
|
decrypt(src, '-')
|
2018-12-23 00:35:07 +00:00
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
sys.exit(main() or 0)
|
