From 5001deba6a1ce92b85ffdd66effe18694ff0f472 Mon Sep 17 00:00:00 2001 From: Vitor Hideyoshi Date: Mon, 2 Feb 2026 22:10:40 -0300 Subject: [PATCH] feat: better decryption method --- .gitignore | 2 ++ Makefile | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f7295c8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.decrypted +.vault_password \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..62c8612 --- /dev/null +++ b/Makefile @@ -0,0 +1,43 @@ +# Ansible Vault encrypted files installer +# Usage: make install PASSWORD=yourpassword + +PASSWORD ?= +PASSWORD_FILE = .vault_password + +.PHONY: install decrypt clean + + +_init_password_file: + @if [ ! -f $(PASSWORD_FILE) ]; then \ + echo "$(PASSWORD)" > $(PASSWORD_FILE); \ + chmod 600 $(PASSWORD_FILE); \ + fi + + +_destroy_password_file: + @if [ -f $(PASSWORD_FILE) ]; then \ + rm -f $(PASSWORD_FILE); \ + fi + + +_install: + @mkdir -p $(HOME)/.ssh $(HOME)/.gnupg + @echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.ssh/id_ed25519 id_ed25519 --vault-password-file=$(PASSWORD_FILE) + @chmod 600 $(HOME)/.ssh/id_ed25519 + @echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.gnupg/private.gpg private.gpg --vault-password-file=$(PASSWORD_FILE) + @chmod 600 $(HOME)/.gnupg/private.gpg + @echo "Keys installed successfully" + +install: _init_password_file _install _destroy_password_file + +# Decrypt files to current directory (for inspection) +_decrypt: + @ansible-vault decrypt --output id_ed25519.decrypted id_ed25519 --vault-password-file=$(PASSWORD_FILE) + @ansible-vault decrypt --output private.gpg.decrypted private.gpg --vault-password-file=$(PASSWORD_FILE) + @chmod 600 id_ed25519.decrypted private.gpg.decrypted + +decrypt: _init_password_file _decrypt _destroy_password_file + + +clean: + @rm -f *.decrypted