Feature Request: GPG encrypted files


I’ve made this quick and dirty hack to allow gpg encrypted files to be automatically decrypted and added to my .gitignore (if not blacklisted yet).

The script also checks if the file has been decrypted already.

#!/usr/bin/env bash

# =======================================
# Encrypt and decrypt files based on gpg
# =======================================
# 
# Howto:
# Create a file, for example test, inside the main directory.
# Now encrypt it using gpg (like 'gpg -o test.enc.gpg -r <IDENTITY> -e test')
# And run this script. 
# The script finds all files ending with .enc.gpg and tries to find their decrypted counterparts.
# If the decrypted file is not in the .gitignore file it will be added.
# Further changes to the decrypted file will automatically be transferred to the encrypted file.
# In case there is no decrypted version, the script will also decrypt it itself.
# If the encrypted file is newer than the decrypted one, it will decrypt again.

set -e
shopt -s globstar

# If no GPG ID available in ENV, take the first private identity that we have
[[ "${GPG_ID}" == '' ]] && GPG_ID=$(gpg -K 2>/dev/null | grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" | head -n 1)

# If at this point we don't have a GPG identity, exit
[[ "${GPG_ID}" == '' ]] && exit 1

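function decFile(){
  # Remove the partial output if decryption fails; otherwise the empty file
  # would look newer than the encrypted one and be encrypted over it next run.
  gpg -q -d "${1}" 2>/dev/null > "${2}" || { rm -f "${2}"; return 1; }
}

function encFile(){
  #echo "[INFO] Encrypting \"${1}\" to \"${2}\""
  # --yes overwrites the existing encrypted file instead of prompting
  gpg -q --yes -o "${2}" -r "${GPG_ID}" -e "${1}" 2>/dev/null
}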

function ts2Str(){
  date -d @"${1}" +%Y%m%d%H%M.%S
}

for encName in **/*.enc.gpg; do
  [[ ! -f "${encName}" ]] && continue
  encModified=$(stat -c %Y "${encName}")
  decName="${encName%.enc.gpg}"
  if [[ ! -f "${decName}" ]]; then
    # No decrypted counterpart yet: create it and give it the encrypted file's mtime
    echo "[INFO] Decrypting \"${encName}\" to \"${decName}\""
    decFile "${encName}" "${decName}"
    touch -mt "$(ts2Str "${encModified}")" "${decName}"
  else
    decModified=$(stat -c %Y "${decName}")
    if [[ "${decModified}" -gt "${encModified}" ]]; then
      # Plaintext is newer: re-encrypt and align the timestamps
      echo "[INFO] Decrypted file \"${decName}\" has changed."
      encFile "${decName}" "${encName}"
      touch -mt "$(ts2Str "${decModified}")" "${encName}"
    elif [[ "${encModified}" -gt "${decModified}" ]]; then
      # Encrypted file is newer: decrypt again and align the timestamps
      echo "[INFO] Encrypted file \"${encName}\" has changed."
      decFile "${encName}" "${decName}"
      touch -mt "$(ts2Str "${encModified}")" "${decName}"
    fi
  fi
  if [[ ! $(git check-ignore "${decName}") ]]; then
    echo "[INFO] Ignoring \"${decName}\""
    echo -en "\n${decName}" >> '.gitignore'
  fi
done

Maybe it would be helpful for someone?

Issue Analytics

  • State: open
  • Created 7 years ago
  • Reactions: 1
  • Comments: 11 (3 by maintainers)
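
The script in the post relies on .gitignore to keep decrypted files out of the repository, but .gitignore only affects untracked files, and `git check-ignore` does not report tracked files by default. The following check is an added example, not part of the original post: it lists every plaintext counterpart of a `*.enc.gpg` file that is already in the index. The function names `tracked_plaintext` and `make_sample_repo` and the sample file names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Function names are hypothetical.

# Print every plaintext counterpart of a *.enc.gpg file that Git tracks.
# Returns 0 if none is tracked, 1 if at least one is, 2 if not a repository.
tracked_plaintext() (
  cd "${1:-.}" || exit 2
  git rev-parse --git-dir >/dev/null 2>&1 || exit 2
  leaks=$(
    # The encrypted file may be tracked or still untracked, so list both.
    git -c core.quotePath=false ls-files --cached --others -- '*.enc.gpg' |
    while IFS= read -r enc; do
      dec="${enc%.enc.gpg}"
      # --error-unmatch fails unless the path is in the index (staged or committed).
      if GIT_LITERAL_PATHSPECS=1 git ls-files --error-unmatch -- "${dec}" >/dev/null 2>&1; then
        printf '%s\n' "${dec}"
      fi
    done
  )
  if [ -n "${leaks}" ]; then
    printf '%s\n' "${leaks}"
    exit 1
  fi
  exit 0
)

# Constructed sample: a scratch repository in which "secret" is tracked next to
# secret.enc.gpg, while "sub/token" exists only as an untracked working file.
make_sample_repo() {
  d=$(mktemp -d) || return 1
  git init -q "${d}" >/dev/null || return 1
  mkdir "${d}/sub" || return 1
  for f in secret secret.enc.gpg sub/token sub/token.enc.gpg; do
    printf 'constructed sample\n' > "${d}/${f}" || return 1
  done
  git -C "${d}" add secret secret.enc.gpg sub/token.enc.gpg || return 1
  printf '%s\n' "${d}"
}
```

Run from a pre-commit hook, the non-zero status can be used to block the commit; `git rm --cached <file>` removes a reported file from the index without deleting the working copy.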

Top GitHub Comments

1 reaction
sobolevn commented, Jun 21, 2017

You can use something like git-secret or blackbox to handle that.

0 reactions
anishathalye commented, Apr 3, 2017

I wonder if it could first be done as a plugin (and then maybe incorporated into the core distribution at some point)?
