-
Notifications
You must be signed in to change notification settings - Fork 2
/
kuzzle-vault-encrypt-string
executable file
·48 lines (40 loc) · 1.39 KB
/
kuzzle-vault-encrypt-string
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/bin/bash
if [ "$1" = "--help" ];
then
echo "Encrypts a secret for Kuzzle Vault"
echo ""
echo "Usage: bash kuzzle-vault-encrypt-string <secret> [password]"
echo ""
echo "The encrypted string is meant to be put in the JSON file containing encrypted secrets"
echo "Encrypted string format is the following: <encrypted-data>.<iv>"
echo "More informations on https://github.com/kuzzleio/kuzzle-vault"
echo ""
echo "The password can also be provided within the KUZZLE_VAULT_KEY env variable"
echo "or it will be asked on the standard input"
echo ""
echo "Examples:"
echo " $ bash kuzzle-vault-encrypt-string 107ee9f7820f4efe633630b38b5e3c28 secret-vault-password"
echo " $ bash kuzzle-vault-encrypt-string 107ee9f7820f4efe633630b38b5e3c28"
echo " $ KUZZLE_VAULT_KEY=secret-vault-password bash kuzzle-vault-encrypt-string 107ee9f7820f4efe633630b38b5e3c28"
echo ""
exit 0
fi
iv=$(openssl rand -hex 16)
secret=$1
if [ -z "$secret" ];
then
echo "First argument should be the secret to be encrypted (Use --help for usage)"
exit 1
fi
key=$2
if [ -z "$key" ];
then
key=$KUZZLE_VAULT_KEY
fi
if [ -z "$key" ];
then
read -p "Please input encryption key: " key
fi
key_hash=$(echo -n $key | openssl dgst -sha256 | cut -d" " -f 2)
encrypted=$(echo -n $secret | openssl enc -aes-256-cbc -nosalt -e -base64 -K $key_hash -iv $iv | base64 -d | hexdump -e '16/1 "%02x"')
echo $encrypted.$iv