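#!/bin/bash
#
# poke.sh - store a secret in the vault, encrypted to a GnuPG recipient.
#
# Usage: poke.sh key [value]
#   key    name of the vault entry; the ciphertext is written to $VAULT/<key>
#   value  optional secret; when omitted the secret is read from standard input
#
# Prefer the standard-input form: a value given as an argument is exposed to
# other local users through the process list and may end up in shell history.
set -eu

# Create the vault and every file in it private from the start, instead of
# relying only on a chmod after the ciphertext has been written.
umask 077

VAULT=~/.secretman
# Your key id for the Yubikey encryption key
RECIPIENT=D2E72CF23AD1899D

# Check the argument count before prompting or touching the vault.
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
  echo "Invalid arguments." >&2
  echo "Usage: poke.sh key [value]" >&2
  exit 1
fi

KEY=$1

# The key becomes a path component under $VAULT, so refuse names that are
# empty or that contain "." / ".." components and could leave the vault.
case "$KEY" in
  '' | . | .. | ./* | ../* | */. | */.. | */./* | */../*)
    echo "Invalid key name." >&2
    echo "Usage: poke.sh key [value]" >&2
    exit 1
    ;;
esac

# create directory for the secrets if not exists
mkdir -p -- "$VAULT"

echo "Securing data with vault key $KEY."
if [ -e "$VAULT/$KEY" ]; then
  # If we are reading data from standard input, read will misbehave unless
  # explicitly reading from tty. Without a usable tty the answer stays empty,
  # which falls through to the "do not overwrite" branch.
  response=""
  read -r -p "Key exists, overwrite? [y/N] " response < /dev/tty || response=""
  case "$response" in
    [yY][eE][sS] | [yY])
      echo "overwriting"
      ;;
    *)
      echo "exiting"
      exit 1
      ;;
  esac
else
  echo "new key"
fi

# Encrypt into a temporary file inside the vault and rename it into place only
# after gpg succeeded. Redirecting straight onto the entry would truncate an
# existing secret even when encryption fails (missing key, card not present).
tmp=$(mktemp "$VAULT/.poke.XXXXXX")
trap 'rm -f -- "$tmp"' EXIT

if [ $# -eq 2 ]; then
  echo "Data from command line"
  VALUE=$2
  # printf instead of echo: a value such as "-n" or "-e" must be stored as
  # data, not interpreted as an echo option. The trailing newline is kept.
  printf '%s\n' "$VALUE" | gpg --encrypt --armor --recipient "$RECIPIENT" > "$tmp"
else
  echo "Data from standard input."
  gpg --encrypt --armor --recipient "$RECIPIENT" > "$tmp"
fi

# Override umask
chmod go-rwx "$tmp"
# Rename within the same directory tree, so the entry is replaced in one step.
mv -f -- "$tmp" "$VAULT/$KEY"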