@@ -3,26 +3,49 @@ if ! hash sha256sum &>/dev/null ; then
33 exit 1
44fi
55
6- if [ ! -f " $project_root " ; then
7- echo ' secrets.json is missing' >&2
6+ if [ ! -f " $project_root " .scrypt ] ; then
7+ echo ' secrets.json.scrypt is missing' >&2
88 exit 1
99fi
1010
1111declare secrets_permissions
12- secrets_permissions=" $( ls -l " $project_root " ) "
12+ secrets_permissions=" $( ls -l " $project_root " .scrypt ) "
1313secrets_permissions=" ${secrets_permissions:: 10} "
1414declare -r secrets_permissions
1515if [[ $secrets_permissions != ' -rw-------' ; then
16- echo ' secrets.json permissions too lax' >&2
17- echo ' run: chmod 600 secrets.json' >&2
16+ echo ' secrets.json.scrypt permissions too lax' >&2
17+ echo ' run: chmod 600 secrets.json.scrypt ' >&2
1818 exit 1
1919fi
2020
21- if ! sha256sum -c <<< ' bb82de121880f1182dbae410b341749e5ac1355954ae6c03151a1826e7bba745 secrets.json' > /dev/null ; then
22- echo ' Secrets are wrong ' >&2
21+ if [ -f " $project_root " / secrets.json ] ; then
22+ echo ' secrets.json exists, remove it - will use secrets.json.scrypt only ' >&2
2323 exit 1
2424fi
2525
26+ declare secrets_storage
27+
28+ function decrypt_secrets {
29+ local password
30+ echo ' Enter passphrase for secrets.json.scrypt'
31+ local decrypted
32+ decrypted=" $( scrypt dec " $project_root " ) "
33+ if [ $? -ne 0 ]; then
34+ echo " Failed to decrypt secrets.json.scrypt" >&2
35+ exit 1
36+ fi
37+
38+ # 24290900be9575d1fb6349098b1c11615a2eac8091bc486bec6cf67239b7846a previous version prior to allowanceHolderLondon
39+ if ! echo " $decrypted " | sha256sum | grep -q " ^bb82de121880f1182dbae410b341749e5ac1355954ae6c03151a1826e7bba745" ; then
40+ echo " Decrypted secrets.json hash verification failed" >&2
41+ exit 1
42+ fi
43+ secrets_storage=" $decrypted "
44+ }
45+
2646function get_secret {
27- jq -Mr ." $1 " " $2 " < " $project_root "
47+ if [ -z " $secrets_storage " ; then
48+ decrypt_secrets
49+ fi
50+ jq -Mr ." $1 " " $2 " <<< " $secrets_storage"
2851}
0 commit comments