Initial commit
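--- a/dist/scripts/src/fetch-secrets.sh
+++ b/dist/scripts/src/fetch-secrets.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+fetch_secret() {
+local target_secret="${1:?Target secret local_secret is required}"
+local env="${2:?Environment is required}"
+local output_file="${3:?}"
+
+script -q /dev/null \
+-c "docker compose run --rm -t cli infisical secrets --plain get ""${target_secret}"" --env ""${env}""" \
+>"${output_file}"
+
+# Check if file is empty
+if [[ ! -s ${output_file} ]]; then
+return 1
+fi
+}
+
+main() {
+local config_file="${1:-./secrets.json}"
+local secrets_dir="${2:-./secrets}"
+
+if ! command -v jq &> /dev/null; then
+printf "Error: jq is required but not installed\n" >&2
+return 1
+fi
+
+if [[ ! -f "${config_file}" ]]; then
+printf "Error: Config file %s not found\n" "${config_file}" >&2
+return 1
+fi
+
+mkdir -p "${secrets_dir}"
+
+mapfile -t entries < <(jq -c '.[]' "${config_file}")
+
+local local_secret target_secret env obj
+
+for obj in "${entries[@]}"; do
+local_secret="$(jq -r .secret_name <<<"${obj}")"
+target_secret="$(jq -r .target_secret <<<"${obj}")"
+env="$(jq -r .env <<<"${obj}")"
+output_file="${secrets_dir}/${local_secret}"
+
+if [[ -z "${env}" ]]; then
+printf "Warning: Environment not specified for secret %s, assuming 'prod'\n" "${local_secret}" >&2
+fi
+
+printf "Processing %s -> %s (%s)\n" "${local_secret}" "${target_secret}" "${env}"
+if fetch_secret "${target_secret}" "${env}" "${output_file}"; then
+printf "✔ saved to %s\n" "${output_file}"
+continue
+fi
+
+rm -f "${output_file}" # Clean up if fetch failed
+printf "✘ failed to fetch %s\n" "${target_secret}" >&2
+done
+}
+
+main "$@"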
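Review bot: In `fetch_secret`, `target_secret` and `env` are spliced unquoted into the string that `script -c` hands to a shell (the doubled `""` only close and reopen the outer quotes), so a value in secrets.json containing whitespace or shell metacharacters is parsed as shell syntax instead of being passed as a single argument. Build the command with `printf -v cmd 'docker compose run --rm -t cli infisical secrets --plain get %q --env %q' "${target_secret}" "${env}"` and pass `-c "${cmd}"`; this assumes `script` runs the string with a bash-compatible `$SHELL`. The fetched keys are also written under the caller's umask, so `umask 077` at the top of `main`, before `mkdir -p`, would keep the secrets directory and its files owner-only. Separately, success is judged only by the output file being non-empty; because the pty presumably merges the CLI's diagnostics into the same stream, an error message could be saved as the secret, so checking the child's exit status (util-linux `script -e`) is worth adding.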
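--- a/dist/scripts/src/secrets.json
+++ b/dist/scripts/src/secrets.json
@@ -0,0 +1,12 @@
+[
+{
+"secret_name": "gpg_key",
+"target_secret": "PERSONAL_GPG_KEY_123",
+"env": "prod"
+},
+{
+"secret_name": "ssh_key",
+"target_secret": "PERSONAL_GITHUB_SSH_KEY_123",
+"env": "prod"
+}
+]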