51 lines
1.2 KiB
Bash
Executable File
51 lines
1.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
SRC="${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}"
|
|
OUT="${1:-$REPO_DIR/secrets/vault-pass.txt.zip}"
|
|
|
|
usage() {
|
|
cat <<USAGE
|
|
Usage: scripts/create-vault-pass-archive.sh [output.zip]
|
|
|
|
Creates a password-protected archive containing vault-pass.txt.
|
|
Default source:
|
|
${VAULT_PASS_FILE:-$HOME/.config/vault-pass.txt}
|
|
Default output:
|
|
$REPO_DIR/secrets/vault-pass.txt.zip
|
|
|
|
The zip password is entered interactively. Do not print it in logs/chat.
|
|
USAGE
|
|
}
|
|
|
|
if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
|
|
usage
|
|
exit 0
|
|
fi
|
|
|
|
if [ ! -f "$SRC" ]; then
|
|
echo "Missing source vault password file: $SRC" >&2
|
|
exit 2
|
|
fi
|
|
|
|
if ! command -v zip >/dev/null 2>&1; then
|
|
echo "Missing dependency: zip" >&2
|
|
echo "Install it with: sudo apt install -y zip" >&2
|
|
exit 3
|
|
fi
|
|
|
|
mkdir -p "$(dirname "$OUT")"
|
|
tmpdir="$(mktemp -d)"
|
|
cleanup() { rm -rf "$tmpdir"; }
|
|
trap cleanup EXIT
|
|
install -m 600 "$SRC" "$tmpdir/vault-pass.txt"
|
|
|
|
(
|
|
cd "$tmpdir"
|
|
# zip prompts for archive password interactively.
|
|
zip -e -q "$OUT" vault-pass.txt
|
|
)
|
|
chmod 600 "$OUT"
|
|
echo "Created password-protected archive: $OUT"
|