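#!/usr/bin/env bash

#
# blackbox_update_all_files -- Decrypt then re-encrypt all files. Useful after keys are changed.
#
# Flow: list the files named in $BB_FILES, warn about plaintext copies that
# are in the way, then decrypt / re-encrypt / shred each file and commit the
# resulting .gpg files.
#
# Security notes:
#  - Each file exists as plaintext on disk between decrypt_file_overwrite and
#    shred_file. Under `set -e` a failure in encrypt_file ends the script
#    before shred_file runs, and this script itself does nothing to remove the
#    plaintext in that case. After an aborted run, check the working tree for
#    the file named in the last "PROCESSING" line.
#  - How thoroughly shred_file removes data depends on its implementation in
#    _blackbox_common.sh (not shown here) and on the storage underneath.
#  - Re-encrypting changes only the new commit. Revisions already in VCS
#    history stay readable by the keys they were encrypted to, so rotate the
#    secrets themselves when a key holder loses access.
#

set -e
# All helper functions and the BB_FILES / VCS_TYPE variables come from this
# library, resolved relative to the directory of the running script.
source "${0%/*}/_blackbox_common.sh"

gpg_agent_notice
disclose_admins
prepare_keychain

# Every loop below reads the file list on fd 99, which leaves stdin untouched
# for anything that runs inside the loop body.
echo '========== ENCRYPTED FILES TO BE RE-ENCRYPTED:'
while IFS= read <&99 -r unencrypted_file; do
  echo " $unencrypted_file.gpg"
done 99<"$BB_FILES"

echo '========== FILES IN THE WAY:'
need_warning=false
while IFS= read <&99 -r unencrypted_file; do
  unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
  # Not read in this loop; under `set -e` a failure of this call still stops
  # the run here, before any file has been decrypted.
  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
  if [[ -f "$unencrypted_file" ]]; then
    need_warning=true
    echo " $unencrypted_file"
  fi
done 99<"$BB_FILES"
# need_warning only ever holds the literal words true/false set above, so it
# is run as the corresponding builtin.
if "$need_warning"; then
  echo
  echo 'WARNING: This will overwrite any unencrypted files laying about.'
  # Reads from stdin; at EOF (no terminal attached) read returns non-zero and
  # `set -e` aborts before anything is overwritten.
  read -r -p 'Press CTRL-C now to stop. ENTER to continue: '
else
  echo 'All OK.'
fi

echo '========== RE-ENCRYPTING FILES:'
while IFS= read <&99 -r unencrypted_file; do
  unencrypted_file=$(get_unencrypted_filename "$unencrypted_file")
  encrypted_file=$(get_encrypted_filename "$unencrypted_file")
  # Quoted so a name containing spaces or glob characters is printed verbatim
  # instead of being word-split and expanded against the working directory.
  echo "========== PROCESSING \"$unencrypted_file\""
  fail_if_not_on_cryptlist "$unencrypted_file"
  # Plaintext is on disk from here until shred_file returns.
  decrypt_file_overwrite "$encrypted_file" "$unencrypted_file"
  encrypt_file "$unencrypted_file" "$encrypted_file"
  shred_file "$unencrypted_file"
done 99<"$BB_FILES"

# Runs before anything is staged; judging by its name it aborts when the
# keychain holds secret keys -- confirm against _blackbox_common.sh.
fail_if_keychain_has_secrets

echo '========== COMMITING TO VCS:'
# NOTE(review): this loop stages the raw list entry plus ".gpg", while the
# re-encrypt loop writes to the path from get_encrypted_filename. Confirm the
# two always name the same file.
while IFS= read <&99 -r unencrypted_file; do
  vcs_add "$unencrypted_file.gpg"
done 99<"$BB_FILES"
vcs_commit 'Re-encrypted keys'

echo '========== DONE.'
echo 'Likely next step:'
echo " $VCS_TYPE push"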