
Comments (2)

jmurty commented on August 28, 2024

Hi, that would be a cool feature, but it's not something we will do, sorry. It would be very difficult to do, if it's possible at all, so it's not something we will support.

from transcrypt.

steled commented on August 28, 2024

Hi,

I created a little workaround for this.
I wrote a pre-commit githook that uses sed to create a partially encrypted *.dec file of the fully encrypted file.

#!/usr/bin/env bash
# sed pre-commit hook: duplicate decrypted sensitive file and redact sensitive information via sed

tmp=$(mktemp)
IFS=$'\n'
# List tracked files whose "filter" attribute ends in "crypt" (files managed by transcrypt)
for secret_file in $(git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = ":" }; /crypt$/{ print $1 }'); do
    # Skip symlinks, they contain the linked target file path not plaintext
    if [[ -L "$secret_file" ]]; then
        continue
    fi

    # extract filename
    filename="${secret_file##*/}"
    # get file extension
    file_extension="${filename##*.}"
    # get filename without extension
    file="${filename%.*}"
    # extract directory
    dir="$(dirname "${secret_file}")"

    # if test -f "${dir}/${file}.sed"; then
    if test -f "${dir}/${filename}.sed"; then
        # A filename without a dot yields extension == name: write <name>_dec
        if [[ "$file_extension" == "$file" ]]; then
            sed -f "${dir}/${filename}.sed" "$secret_file" > "${dir}/${file}_dec"
        else
            sed -f "${dir}/${filename}.sed" "$secret_file" > "${dir}/${file}.${file_extension}.dec"
        fi
    fi

done
rm -f "${tmp}"
unset IFS

You then just need to create a sed file where you define what should be replaced, and the hook then uses this sed file to create a *.dec file.

Example

plain file aws-etcd-backup.yaml

apiVersion: v1
kind: Secret
metadata:
  name: dgops-s3-credentials
  namespace: kube-system
type: Opaque
data:
  ACCESS_KEY_ID: TEST_KEY_ID
  SECRET_ACCESS_KEY: TEST_ACCESS_KEY

sed file aws-etcd-backup.yaml.sed

s/\(ACCESS_KEY_ID: \).*/\1<REDACTED>/
s/\(SECRET_ACCESS_KEY: \).*/\1<REDACTED>/

resulting partially decrypted file aws-etcd-backup.yaml.dec

apiVersion: v1
kind: Secret
metadata:
  name: dgops-s3-credentials
  namespace: kube-system
type: Opaque
data:
  ACCESS_KEY_ID: <REDACTED>
  SECRET_ACCESS_KEY: <REDACTED>

Maybe this helps someone.

from transcrypt.
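
A guard that could sit in front of the `sed -f` call in the hook above, as an added example that is not part of the comment or of transcrypt: a `.sed` rule that no longer matches anything (for instance after a key in the YAML is renamed) leaves that value unredacted in the `.dec` copy, so this check fails instead of writing the file. It assumes one `s///` command per line in the `.sed` file; the function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the hook posted in the thread.
# Assumption: each line of the .sed file is a single s/// command.

# rules_all_match SRC RULES: succeed only if every rule rewrites >= 1 line of SRC.
rules_all_match() {
    local src="$1" rules="$2" rule status=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        case "$rule" in ''|'#'*) continue ;; esac   # skip blanks and comments
        # With -n, the appended "p" flag prints only lines the rule changed.
        if ! sed -n "${rule}p" "$src" | grep -q ''; then
            printf 'no match in %s for rule: %s\n' "$src" "$rule" >&2
            status=1
        fi
    done < "$rules"
    return "$status"
}

# redact_checked SRC RULES OUT: write OUT only when all rules matched;
# otherwise delete any stale OUT and fail so the commit is stopped.
redact_checked() {
    local src="$1" rules="$2" out="$3"
    if rules_all_match "$src" "$rules"; then
        sed -f "$rules" "$src" > "$out"
    else
        rm -f "$out"
        return 1
    fi
}

# Constructed sample: the key was renamed, so the second rule matches nothing.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '%s\n' 'data:' '  ACCESS_KEY_ID: TEST_KEY_ID' \
        '  SECRET_KEY: TEST_ACCESS_KEY' > "$d/s.yaml"
    printf '%s\n' 's/\(ACCESS_KEY_ID: \).*/\1<REDACTED>/' \
        's/\(SECRET_ACCESS_KEY: \).*/\1<REDACTED>/' > "$d/s.yaml.sed"
    redact_checked "$d/s.yaml" "$d/s.yaml.sed" "$d/s.yaml.dec" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "commit would be blocked: a redaction rule matched nothing"
```

In a pre-commit hook, a non-zero return from `redact_checked` should end the hook with a non-zero exit status so that git aborts the commit.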
