-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathsecrets_manager
executable file
·161 lines (135 loc) · 5.17 KB
/
secrets_manager
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
#!/bin/bash
function check_dependencies() {
if [[ $1 == "-exit_on_install" ]]; then
EXIT_ON_INSTALL="YES"
fi
echo '----------------------------'
echo 'Checking dependencies'
echo '----------------------------'
DEPENDENCY_INSTALLED="NO"
if ! [ -x "$(command -v age)" ]; then
echo 'age is not installed. installing with `brew install age`' >&2
brew install age;
if ! [ -x "$(command -v age)" ]; then
echo 'age is still not installed. installing with `brew install age`' >&2
exit 1
else
DEPENDENCY_INSTALLED="YES"
fi
fi
if ! [ -x "$(command -v rename)" ]; then
echo 'rename is not installed. installing with `brew install rename`' >&2
brew install rename;
if ! [ -x "$(command -v rename)" ]; then
echo 'rename is still not installed. installing with `brew install rename`' >&2
exit 1
else
DEPENDENCY_INSTALLED="YES"
fi
fi
if [[ $EXIT_ON_INSTALL == "YES" ]]; then
if [[ "$DEPENDENCY_INSTALLED" == "YES" ]]; then
echo 'One or more dependencies installed, re-run the script' >&2
exit 1
fi
fi
echo "All dependencies installed"
}
function project_directory() {
script_path=$(stat -f "${BASH_SOURCE[0]}")
script_dir=$(dirname "$script_path")
project_dir=$(dirname "$script_dir")
echo "$project_dir"
}
function check_for_existing_keys() {
set +e
security find-generic-password -a swift-repo-user -s swift-repo-private > /dev/null 2>&1
exit_code=$((exit_code | PIPESTATUS[0]))
security find-generic-password -a swift-repo-user -s swift-repo-public > /dev/null 2>&1
exit_code=$((exit_code | PIPESTATUS[0]))
if (( 0 == exit_code )); then
project_dir=$(project_directory)
public_key="$(security find-generic-password -w -s swift-repo-public)"
grep "$public_key" secrets/contributor_public_keys > /dev/null 2>&1
exit_code=$((exit_code | PIPESTATUS[0]))
if (( 0 == exit_code )); then
echo '----------------------------'
echo 'existing keys found, and are already included in the `secrets/contributor_public_keys`, exiting'
echo '----------------------------'
exit 1
else
echo '----------------------------'
echo 'existing keys found, adding to `secrets/contributor_public_keys`'
echo 'push this change and ask a contributor to re-encrypt with `scripts/reencrypt_secrets`'
echo '----------------------------'
project_dir=$(project_directory)
echo "$public_key" >> "$project_dir/secrets/contributor_public_keys"
exit 1
fi
fi
set -e
}
function decrypt_secrets() {
security find-generic-password -w -s swift-repo-private > /dev/null 2>&1
script_path=$(stat -f "${BASH_SOURCE}")
script_dir=$(dirname "$script_path")
project_dir=$(dirname "$script_dir")
keys_encrypted="$project_dir/secrets/keys.encrypted"
age -d -i <(security find-generic-password -w -s swift-repo-private) "$keys_encrypted"
}
function set_secrets() {
if [ "$#" -ne 1 ]; then
echo "Illegal number of parameters"
else
source <(decrypt_secrets)
pushd "$(project_directory)/$1"
bundle exec pod keys set devNetworkAuthUsername "$DEV_NETWORK_AUTH_USERNAME"
bundle exec pod keys set devNetworkAuthPassword "$DEV_NETWORK_AUTH_PASSWORD"
bundle exec pod keys set testNetTestAccountMnemonicsCommaSeparated "$TESTNET_TEST_ACCOUNT_MNEMONICS_COMMA_SEPERATED"
bundle exec pod keys set dynamicFogAuthoritySpki "$DYNAMIC_FOG_AUTHORITY_SPKI"
bundle exec pod keys set dynamicTestAccountSeedEntropiesCommaSeparated "$DYNAMIC_TEST_ACCOUNT_SEED_ENTROPIES_COMMA_SEPARATED"
bundle exec pod keys set mobileDevTestAccountMnemonicsCommaSeparated "$MOBILEDEV_TEST_ACCOUNT_MNEMONICS_COMMA_SEPERATED"
popd
fi
}
function generate_and_rename_cocoapodkeys() {
pushd "$(project_directory)/$1"
bundle exec pod keys generate
FILE=Pods/CocoaPodsKeys/ExampleKeys.h
if test -f "$FILE"; then
echo "----------------------------"
echo "Keys files generated with INCORRECT name, renaming"
echo "----------------------------"
set -x
find . -name "*ExampleKeys*" | xargs -n 1 -I {} sed -i '' 's/ExampleKeys/MobileCoinKeys/g' {} ;
rm Pods/CocoaPodsKeys/MobileCoinKeys* || true; rename 's/Example/MobileCoin/' Pods/CocoaPodsKeys/*
set +x
echo "----------------------------"
echo "Naming substitution complete"
echo "----------------------------"
else
echo "----------------------------"
echo "Keys files generated with correct name."
echo "----------------------------"
fi
popd
}
function check_for_contributor_public_keys() {
echo '----------------------------'
echo 'Checking for valid public keys file'
echo '----------------------------'
project_dir=$(project_directory)
contributor_public_keys="$project_dir/secrets/contributor_public_keys"
if [ -s "$contributor_public_keys" ]; then
# The file is not-empty.
echo '----------------------------'
echo "$(wc -l < "$contributor_public_keys") Public keys found"
echo '----------------------------'
else
# The file is empty.
echo '----------------------------'
echo 'Public keys file not found, or empty, run `generate_and_save_contributor_keys`'
echo '----------------------------'
exit 1;
fi
}