alox-gandalf 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- data/exec/_gandalf +16 -0
- data/exec/_gandalf_ +24 -0
- data/exec/edit-secrets +58 -0
- data/exec/new-key +46 -0
- data/exec/new-secrets +43 -0
- data/exec/show-secrets +38 -0
- metadata +8 -2
data/exec/_gandalf
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
if [[ "$#" > 0 ]]; then
|
4
|
+
GANDALF="$1"; shift
|
5
|
+
fi
|
6
|
+
|
7
|
+
if [[ -z "${GANDALF:-}" ]]; then
|
8
|
+
GANDALF="$(pwd -P)"
|
9
|
+
fi
|
10
|
+
|
11
|
+
export GANDALF
|
12
|
+
|
13
|
+
if [[ ! -x "$(type -P gpg 2>&-)" ]]; then
|
14
|
+
echo "ERROR: could not find gpg tool" 1>&2
|
15
|
+
false
|
16
|
+
fi
|
data/exec/_gandalf_
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
function keys_path {
|
2
|
+
echo "$GANDALF/$(ryaml "$GANDALF/config/gandalf.yml" keys_path)"
|
3
|
+
}
|
4
|
+
|
5
|
+
function keys {
|
6
|
+
ryaml "$GANDALF/config/gandalf.yml" bundle "$nm_bundle" keys | awk '$1 == "-" { print $NF }' | xargs --
|
7
|
+
}
|
8
|
+
|
9
|
+
function secrets_path {
|
10
|
+
echo "$GANDALF/$(ryaml "$GANDALF/config/gandalf.yml" bundle "$nm_bundle" secrets_path)"
|
11
|
+
}
|
12
|
+
|
13
|
+
function recipients {
|
14
|
+
local _a
|
15
|
+
for _a in $(keys); do
|
16
|
+
echo -n " -r $_a"
|
17
|
+
done
|
18
|
+
}
|
19
|
+
|
20
|
+
function gpg {
|
21
|
+
logger_info "gpg $@"
|
22
|
+
"$(type -P gpg)" "$@"
|
23
|
+
}
|
24
|
+
|
data/exec/edit-secrets
ADDED
@@ -0,0 +1,58 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
#/ NAME
|
4
|
+
#/ edit bundle -- edit a password bundle
|
5
|
+
#/
|
6
|
+
#/ SYNOPSIS
|
7
|
+
#/ edit bundle name
|
8
|
+
|
9
|
+
# figure out the project root under which bin, lib live
|
10
|
+
shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
|
11
|
+
|
12
|
+
# load a jason bourne library
|
13
|
+
source _jason
|
14
|
+
require gandalf "${GANDALF:-}"
|
15
|
+
require gandalf_
|
16
|
+
|
17
|
+
readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
|
18
|
+
|
19
|
+
# entry point
|
20
|
+
function main {
|
21
|
+
if [[ "$#" = 0 ]]; then
|
22
|
+
local default_bundle="$(ryaml $cfg_gandalf bundle default)"
|
23
|
+
if [[ -n "$default_bundle" ]]; then
|
24
|
+
set -- "$default_bundle" "$@"
|
25
|
+
fi
|
26
|
+
fi
|
27
|
+
|
28
|
+
if [[ "$#" = 0 ]]; then
|
29
|
+
logger_fatal "missing name of secrets bundle"
|
30
|
+
exit 1
|
31
|
+
fi
|
32
|
+
|
33
|
+
readonly local nm_bundle="$1"; shift
|
34
|
+
readonly local tmp_keyring="$(mktemp -t XXXXXXXXX)"
|
35
|
+
|
36
|
+
set +f
|
37
|
+
gpg --no-default-keyring --keyring "$tmp_keyring" --import "$(keys_path)/"*
|
38
|
+
set -f
|
39
|
+
|
40
|
+
readonly local tmp_container="$(mktemp -d -t XXXXXXXXX)"
|
41
|
+
readonly local tmp_buffer="$(TMPDIR="$tmp_container" mktemp -t XXXXXXXXX)"
|
42
|
+
|
43
|
+
git pull
|
44
|
+
gpg -a -d "$(secrets_path)/${nm_bundle}.gpg" > "$tmp_buffer"
|
45
|
+
"${EDITOR:-vim}" "$tmp_buffer"
|
46
|
+
|
47
|
+
readonly local tmp_bundle="$(mktemp -t XXXXXXXXX)"
|
48
|
+
if gpg --yes --trust-model always --no-default-keyring --keyring "$tmp_keyring" -a -e -o "$tmp_bundle" $(recipients) "$tmp_buffer"; then
|
49
|
+
mv -f "$tmp_bundle" "$(secrets_path)/$nm_bundle.gpg"
|
50
|
+
else
|
51
|
+
rm -f "$tmp_bundle"
|
52
|
+
fi
|
53
|
+
|
54
|
+
rm -f "$tmp_keyring" "$tmp_buffer"
|
55
|
+
rmdir "$tmp_container"
|
56
|
+
}
|
57
|
+
|
58
|
+
require sub "$BASH_SOURCE" "$@"
|
data/exec/new-key
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
#/ NAME
|
4
|
+
#/ new key -- create a new gpg key
|
5
|
+
#/
|
6
|
+
#/ SYNOPSIS
|
7
|
+
#/ new key email
|
8
|
+
|
9
|
+
# figure out the project root under which bin, lib live
|
10
|
+
shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
|
11
|
+
|
12
|
+
# load a jason bourne library
|
13
|
+
source _jason
|
14
|
+
require gandalf "${GANDALF:-}"
|
15
|
+
require gandalf_
|
16
|
+
|
17
|
+
readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
|
18
|
+
|
19
|
+
# entry point
|
20
|
+
function main {
|
21
|
+
if [[ "$#" = 0 ]]; then
|
22
|
+
logger_fatal "missing email"
|
23
|
+
exit 1
|
24
|
+
fi
|
25
|
+
|
26
|
+
readonly local email="$1"; shift
|
27
|
+
readonly local tmp_genkey="$(mktemp -t XXXXXXXXX)"
|
28
|
+
|
29
|
+
cat > "$tmp_genkey" <<EOF
|
30
|
+
Key-Type: RSA
|
31
|
+
Key-Length: 2048
|
32
|
+
Subkey-Type: RSA
|
33
|
+
Subkey-Length: 2048
|
34
|
+
Name-Email: $email
|
35
|
+
Expire-Date: 1y
|
36
|
+
%commit
|
37
|
+
EOF
|
38
|
+
|
39
|
+
gpg --batch --gen-key "$tmp_genkey"
|
40
|
+
rm -f "$tmp_genkey"
|
41
|
+
gpg --edit-key "$email" passwd save
|
42
|
+
|
43
|
+
gpg --export -a "$email" > "$(keys_path)/$email"
|
44
|
+
}
|
45
|
+
|
46
|
+
require sub "$BASH_SOURCE" "$@"
|
data/exec/new-secrets
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
#/ NAME
|
4
|
+
#/ new bundle -- create a new password bundle
|
5
|
+
#/
|
6
|
+
#/ SYNOPSIS
|
7
|
+
#/ new bundle name
|
8
|
+
|
9
|
+
# figure out the project root under which bin, lib live
|
10
|
+
shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
|
11
|
+
|
12
|
+
# load a jason bourne library
|
13
|
+
source _jason
|
14
|
+
require gandalf "${GANDALF:-}"
|
15
|
+
require gandalf_
|
16
|
+
|
17
|
+
readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
|
18
|
+
|
19
|
+
# entry point
|
20
|
+
function main {
|
21
|
+
if [[ "$#" = 0 ]]; then
|
22
|
+
logger_fatal "missing name of secrets bundle"
|
23
|
+
exit 1
|
24
|
+
fi
|
25
|
+
|
26
|
+
readonly local nm_bundle="$1"; shift
|
27
|
+
readonly local tmp_keyring="$(mktemp -t XXXXXXXXX)"
|
28
|
+
|
29
|
+
set -x
|
30
|
+
keys
|
31
|
+
set +x
|
32
|
+
|
33
|
+
local _rcpt
|
34
|
+
for _rcpt in $(keys); do
|
35
|
+
gpg --no-default-keyring --keyring "$tmp_keyring" --import "$(keys_path)/$_rcpt"
|
36
|
+
done
|
37
|
+
|
38
|
+
echo "---" | gpg --no-default-keyring --keyring "$tmp_keyring" -a -e -o "$(secrets_path)/$nm_bundle.gpg" $(recipients)
|
39
|
+
|
40
|
+
rm -f "$tmp_keyring"
|
41
|
+
}
|
42
|
+
|
43
|
+
require sub "$BASH_SOURCE" "$@"
|
data/exec/show-secrets
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
#/ NAME
|
4
|
+
#/ list bundle -- list the bundle for a bundle
|
5
|
+
#/
|
6
|
+
#/ SYNOPSIS
|
7
|
+
#/ list bundle name
|
8
|
+
|
9
|
+
# figure out the project root under which bin, lib live
|
10
|
+
shome="$(cd -P -- "$(dirname -- "$BASH_SOURCE")/.." && pwd -P)"
|
11
|
+
|
12
|
+
# load a jason bourne library
|
13
|
+
source _jason
|
14
|
+
require gandalf "${GANDALF:-}"
|
15
|
+
require gandalf_
|
16
|
+
|
17
|
+
readonly cfg_gandalf="$GANDALF/config/gandalf.yml"
|
18
|
+
|
19
|
+
# entry point
|
20
|
+
function main {
|
21
|
+
if [[ "$#" = 0 ]]; then
|
22
|
+
local default_bundle="$(ryaml $cfg_gandalf bundle default)"
|
23
|
+
if [[ -n "$default_bundle" ]]; then
|
24
|
+
set -- "$default_bundle" "$@"
|
25
|
+
fi
|
26
|
+
fi
|
27
|
+
|
28
|
+
if [[ "$#" = 0 ]]; then
|
29
|
+
logger_fatal "missing name of secrets bundle"
|
30
|
+
exit 1
|
31
|
+
fi
|
32
|
+
|
33
|
+
readonly local nm_bundle="$1"; shift
|
34
|
+
|
35
|
+
gpg -a -d "$(secrets_path)/${nm_bundle}.gpg"
|
36
|
+
}
|
37
|
+
|
38
|
+
require sub "$BASH_SOURCE" "$@"
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: alox-gandalf
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.11
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -19,7 +19,13 @@ email:
|
|
19
19
|
executables: []
|
20
20
|
extensions: []
|
21
21
|
extra_rdoc_files: []
|
22
|
-
files:
|
22
|
+
files:
|
23
|
+
- exec/_gandalf
|
24
|
+
- exec/_gandalf_
|
25
|
+
- exec/edit-secrets
|
26
|
+
- exec/new-key
|
27
|
+
- exec/new-secrets
|
28
|
+
- exec/show-secrets
|
23
29
|
homepage: https://github.com/destructuring/gandalf
|
24
30
|
licenses: []
|
25
31
|
post_install_message:
|