feat: better decryption method

2026-02-02 22:10:40 -03:00
parent 269ff72333
commit 5001deba6a
2 changed files with 45 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.decrypted
+.vault_password
--- a/43
+++ b/43
@@ -0,0 +1,43 @@
+# Ansible Vault encrypted files installer
+# Usage: make install PASSWORD=yourpassword
+
+PASSWORD ?= 
+PASSWORD_FILE = .vault_password
+
+.PHONY: install decrypt clean
+
+
+_init_password_file:
+	@if [ ! -f $(PASSWORD_FILE) ]; then \
+		echo "$(PASSWORD)" > $(PASSWORD_FILE); \
+		chmod 600 $(PASSWORD_FILE); \
+	fi
+
+
+_destroy_password_file:
+	@if [ -f $(PASSWORD_FILE) ]; then \
+		rm -f $(PASSWORD_FILE); \
+	fi
+
+
+_install:
+	@mkdir -p $(HOME)/.ssh $(HOME)/.gnupg
+	@echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.ssh/id_ed25519 id_ed25519 --vault-password-file=$(PASSWORD_FILE)
+	@chmod 600 $(HOME)/.ssh/id_ed25519
+	@echo "$(PASSWORD)" | ansible-vault decrypt --output $(HOME)/.gnupg/private.gpg private.gpg --vault-password-file=$(PASSWORD_FILE)
+	@chmod 600 $(HOME)/.gnupg/private.gpg
+	@echo "Keys installed successfully"
+
+install: _init_password_file _install _destroy_password_file
+
+# Decrypt files to current directory (for inspection)
+_decrypt:
+	@ansible-vault decrypt --output id_ed25519.decrypted id_ed25519 --vault-password-file=$(PASSWORD_FILE)
+	@ansible-vault decrypt --output private.gpg.decrypted private.gpg --vault-password-file=$(PASSWORD_FILE)
+	@chmod 600 id_ed25519.decrypted private.gpg.decrypted
+
+decrypt: _init_password_file _decrypt _destroy_password_file
+
+
+clean:
+	@rm -f *.decrypted