Add osslvault filter
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
b729c38fcb
commit
9bae4c305a
GPG key ID:
D91C3E91E4CAD6F5
2 changed files with 44 additions and 0 deletions
|
|
@ -36,6 +36,11 @@ required = true
|
||||||
clean = git-lfs clean -- %f
|
clean = git-lfs clean -- %f
|
||||||
smudge = git-lfs smudge -- %f
|
smudge = git-lfs smudge -- %f
|
||||||
|
|
||||||
|
[filter "osslvault"]
|
||||||
|
clean = git-filter-osslvault -f %f clean
|
||||||
|
smudge = git-filter-osslvault smudge
|
||||||
|
required = true
|
||||||
|
|
||||||
[gpg]
|
[gpg]
|
||||||
program = gpg2
|
program = gpg2
|
||||||
|
|
||||||
|
|
|
||||||
39
bin/git-filter-osslvault
Executable file
39
bin/git-filter-osslvault
Executable file
|
|
@ -0,0 +1,39 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
source ~/bin/script_framework.sh
|
||||||
|
|
||||||
|
function usage() { fatal "Usage: $0 -f <hash-filename> <clean|smudge>"; }
|
||||||
|
|
||||||
|
check_utils \
|
||||||
|
openssl \
|
||||||
|
sha256sum \
|
||||||
|
vault
|
||||||
|
|
||||||
|
passkey="secret/osslvault/$(basename $(pwd))"
|
||||||
|
salt=""
|
||||||
|
|
||||||
|
while getopts ":f:k:" o; do
|
||||||
|
case "${o}" in
|
||||||
|
f) salt="$(sha256sum ${OPTARG} | cut -d ' ' -f 1)" ;;
|
||||||
|
k) passkey="${OPTARG}" ;;
|
||||||
|
*) usage ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
shift $((OPTIND - 1))
|
||||||
|
|
||||||
|
pass="$(vault read -field=pass "${passkey}")"
|
||||||
|
[[ -n $pass ]] || fatal "Password not found."
|
||||||
|
|
||||||
|
case ${1:-_invalid} in
|
||||||
|
clean)
|
||||||
|
[[ -n $salt ]] || fatal "Missing paramter -f"
|
||||||
|
openssl enc -k ${pass} -S ${salt} -pbkdf2 -e -a
|
||||||
|
;;
|
||||||
|
smudge)
|
||||||
|
openssl enc -k ${pass} -pbkdf2 -d -a
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
usage
|
||||||
|
;;
|
||||||
|
esac
|
||||||
Loading…
Reference in a new issue