From 93732560c3515f41143a703b8cbe9114911e8f6c Mon Sep 17 00:00:00 2001
From: Dominik Chilla <dominik@zwackl.de>
Date: Sat, 24 Oct 2020 10:58:51 +0200
Subject: [PATCH] secrets.tgz.aes

---
 secrets.tgz.aes/README.md          | 14 ++++++++++++++
 secrets.tgz.aes/decrypt_secrets.sh | 14 ++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 secrets.tgz.aes/README.md
 create mode 100755 secrets.tgz.aes/decrypt_secrets.sh

diff --git a/secrets.tgz.aes/README.md b/secrets.tgz.aes/README.md
new file mode 100644
index 0000000..a4e5d4a
--- /dev/null
+++ b/secrets.tgz.aes/README.md
@@ -0,0 +1,14 @@
+# Decrypt /secrets/secrets.tgz.aes
+
+## Prerequisites
+* bash
+* curl
+* openssl
+
+## Dockerfile:
+```
+ADD ./snippets/secrets.tgz.aes/decrypt_secrets.sh /app/decrypt_secrets.sh
+```
+
+## Environment
+* SECRETSKEY (required)
diff --git a/secrets.tgz.aes/decrypt_secrets.sh b/secrets.tgz.aes/decrypt_secrets.sh
new file mode 100755
index 0000000..e31cfcf
--- /dev/null
+++ b/secrets.tgz.aes/decrypt_secrets.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+if [ -z "${SECRETSKEY+x}" ]; then
+  echo "ENV[SECRETSKEY] not set! Continue without secrets..."
+else
+  if [ -f /secrets/secrets.tgz.aes ]; then
+    cd /secrets \
+    && openssl aes-256-cbc -in secrets.tgz.aes -out secrets.tgz -d -k "${SECRETSKEY}" \
+    && tar xvzf secrets.tgz
+  else
+    echo "/secrets/secrets.tgz.aes not found!"
+    exit 1
+  fi
+fi