Feature Request: GPG encrypted files
I've made this quick and dirty hack to allow gpg encrypted files to be automatically decrypted and added to my .gitignore (if not blacklisted yet).
The script also checks if the file has been decrypted already.
```bash
#!/usr/bin/env bash
# =======================================
# Encrypt and decrypt files based on gpg
# =======================================
#
# Howto:
# Create a file, for example test, inside the main directory.
# Now encrypt it using gpg (like 'gpg -o test.enc.gpg -r <IDENTITY> -e test')
# And run this script.
# The script will find all files ending with .enc.gpg and tries to find its decrypted file counterpart.
# If the decrypted file is not in the .gitignore file it will be added.
# Further changes to the decrypted file will automatically be transferred to the encrypted file.
# In case there is no decrypted version, the script will also decrypt it itself.
# If the encrypted file is newer than the decrypted one, it will decrypt again.
set -e
shopt -s globstar

# If no GPG ID available in ENV, take the first private identity that we have
[[ "${GPG_ID}" == '' ]] && GPG_ID=$(gpg -K 2>/dev/null | grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" | head -n 1)
# If at this point we don't have a GPG identity, exit
[[ "${GPG_ID}" == '' ]] && exit 1

function decFile(){
    # Decrypt into a temporary file first: a failed decryption must not leave
    # an empty plaintext that a later run would encrypt over the original.
    local tmp="${2}.tmp.$$"
    if gpg -q -d "${1}" 2>/dev/null > "${tmp}"; then
        mv -f "${tmp}" "${2}"
    else
        rm -f "${tmp}"
        return 1
    fi
}

function encFile(){
    #echo "[INFO] Encrypting \"${1}\" to \"${2}\""
    gpg -q -o "${2}" -r "${GPG_ID}" -e "${1}" 2>/dev/null
}

# Convert a Unix timestamp to the format expected by 'touch -t'
function ts2Str(){
    date -d @"${1}" +%Y%m%d%H%M.%S
}

for encName in **/*.enc.gpg; do
    [[ ! -f "${encName}" ]] && continue
    encModified=$(stat -c %Y "${encName}")
    decName="${encName%.enc.gpg}"
    if [[ ! -f "${decName}" ]]; then
        # No decrypted counterpart yet: create it
        echo "[INFO] Decrypting \"${encName}\" to \"${decName}\""
        decFile "${encName}" "${decName}"
        touch -mt "$(ts2Str "${encModified}")" "${decName}"
    else
        # Both files exist: the newer one wins, then the timestamps are aligned
        decModified=$(stat -c %Y "${decName}")
        if [[ "${decModified}" -gt "${encModified}" ]]; then
            echo "[INFO] Decrypted file \"${decName}\" has changed."
            encFile "${decName}" "${encName}"
            touch -mt "$(ts2Str "${decModified}")" "${encName}"
        elif [[ "${encModified}" -gt "${decModified}" ]]; then
            echo "[INFO] Encrypted file \"${encName}\" has changed."
            decFile "${encName}" "${decName}"
            touch -mt "$(ts2Str "${encModified}")" "${decName}"
        fi
    fi
    # Make sure the decrypted file is ignored by git
    if [[ ! $(git check-ignore "${decName}") ]]; then
        echo "[INFO] Ignoring \"${decName}\""
        echo -en "\n${decName}" >> '.gitignore'
    fi
done
```
Maybe it would be helpful for someone?
Issue Analytics
- State:
- Created 7 years ago
- Reactions:1
- Comments:11 (3 by maintainers)
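
An ignore entry has no effect on a file git already tracks, so a decrypted counterpart that was committed before the script ran stays in the repository. The following is an added example, not part of the original issue or the project's code: a pre-commit check that lists tracked files whose .enc.gpg counterpart is also tracked. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original issue): pre-commit guard for the
# <name>.enc.gpg / <name> pairing used by the script above.
# Assumption: tracked paths contain no newlines or characters git would quote.

# find_tracked_plaintext (hypothetical helper)
#   stdin : tracked paths, one per line, e.g. the output of `git ls-files`
#   stdout: every tracked path whose "<path>.enc.gpg" is tracked as well,
#           i.e. a decrypted counterpart that sits inside the repository
find_tracked_plaintext() {
    awk '
        { tracked[$0] = 1 }
        # ".enc.gpg" is 8 characters; strip it to get the plaintext name
        /\.enc\.gpg$/ { plain[substr($0, 1, length($0) - 8)] = 1 }
        END { for (p in plain) if (p in tracked) print p }
    ' | sort
}

# check_index (hypothetical helper): call this from .git/hooks/pre-commit.
# Returns 1 and names the offending files when plaintext is in the index.
check_index() {
    leaks=$(git -c core.quotePath=false ls-files | find_tracked_plaintext)
    [ -z "$leaks" ] && return 0
    printf 'Decrypted counterparts are tracked by git:\n%s\n' "$leaks" >&2
    printf 'Untrack each one with: git rm --cached -- <file>\n' >&2
    return 1
}

# Constructed sample index listing (not taken from the page).
sample_index='README.md
secrets/db.conf
secrets/db.conf.enc.gpg
keys/api.token.enc.gpg'

# Only secrets/db.conf is reported: keys/api.token is not tracked.
printf '%s\n' "$sample_index" | find_tracked_plaintext
```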
Top GitHub Comments
You can use something like git-secret or blackbox to handle that.

I wonder if it could first be done as a plugin (and then maybe incorporated into the core distribution at some point)?