51 lines
1.7 KiB
Bash
Executable File
51 lines
1.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
#
|
|
# blackbox_register_new_file -- Enroll a new file in the blackbox system.
|
|
#
|
|
# Takes a previously unencrypted file and enrolls it into the blackbox
|
|
# system. It will be kept in the repo as an encrypted file. On deployment
|
|
# to systems that need the plaintext (unencrypted) versions, run
|
|
# blackbox_postdeploy.sh to decrypt all the files.
|
|
|
|
set -e
|
|
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
|
|
source "${blackbox_home}/_blackbox_common.sh"
|
|
|
|
unencrypted_file=$(get_unencrypted_filename "$1")
|
|
encrypted_file=$(get_encrypted_filename "$1")
|
|
|
|
if [[ "$1" == "$encrypted_file" ]]; then
|
|
echo ERROR: Please only register unencrypted files.
|
|
exit 1
|
|
fi
|
|
|
|
echo ========== PLAINFILE "$unencrypted_file"
|
|
echo ========== ENCRYPTED "$encrypted_file"
|
|
|
|
fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
|
|
fail_if_exists "$encrypted_file" "Will not overwrite."
|
|
|
|
prepare_keychain
|
|
encrypt_file "$unencrypted_file" "$encrypted_file"
|
|
add_filename_to_cryptlist "$unencrypted_file"
|
|
|
|
# Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
|
|
SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
|
|
echo "========== CREATED: ${encrypted_file}"
|
|
echo "========== UPDATING REPO:"
|
|
shred_file "$unencrypted_file"
|
|
|
|
if "$SECRETSEXPOSED" ; then
|
|
vcs_remove "$unencrypted_file"
|
|
vcs_add "$encrypted_file"
|
|
fi
|
|
|
|
vcs_ignore "$unencrypted_file"
|
|
echo 'NOTE: "already tracked!" messages are safe to ignore.'
|
|
vcs_add "$BB_FILES" "$encrypted_file"
|
|
vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file"
|
|
echo "========== UPDATING VCS: DONE"
|
|
echo "Local repo updated. Please push when ready."
|
|
echo " $(which_vcs) push"
|