diff --git a/encrypt.sh b/encrypt.sh
index 8a49d509..13cc19e6 100755
--- a/encrypt.sh
+++ b/encrypt.sh
@@ -1,8 +1,12 @@
 #!/bin/bash
-# Check if the passphrase file exists
+
+# Define passphrase file, S3 bucket, services directory, and envs directory
 PASSPHRASE_FILE="nshm.passphrase"
 S3_BUCKET="s3://nus-backend-terraform"
 SERVICES_DIR="services"
+ENVS_DIR="envs"
+
+# Check if the passphrase file exists; download from S3 if not
 if [ ! -f "$PASSPHRASE_FILE" ]; then
 echo "Passphrase file not found, downloading from S3..."
 aws s3 cp "${S3_BUCKET}/${PASSPHRASE_FILE}" .
@@ -14,25 +18,47 @@ if [ ! -f "$PASSPHRASE_FILE" ]; then else echo "Passphrase file already exists." fi -# Get a list of service directories -service_dirs=($(ls -d "$SERVICES_DIR"/*)) -# Loop through each service directory and encrypt its .env file + + +# Function to encrypt a single .env file +encrypt_env_file() { + local env_file=$1 + local service_name=$2 + echo "Encrypting $env_file..." + + # Encrypt the .env file, outputting to the encrypted_envs directory + gpg --batch --yes --passphrase-file "$PASSPHRASE_FILE" --symmetric --output "$ENVS_DIR/${service_name}.env.gpg" "$env_file" + + # Check if encryption was successful + if [ $? -eq 0 ]; then + echo "$env_file encrypted successfully and saved as $ENVS_DIR/${service_name}.env.gpg" + else + echo "Failed to encrypt $env_file for $service_name. Exiting..." + exit 1 + fi +} + +# Encrypt .env files within subdirectories of services +service_dirs=($(ls -d "$SERVICES_DIR"/*/)) for service_dir in "${service_dirs[@]}"; do SERVICE_NAME=$(basename "$service_dir") ENV_FILE="$service_dir/.env" - # Check if .env file exists if [ -f "$ENV_FILE" ]; then - echo "Encrypting $ENV_FILE..." - gpg --batch --yes --passphrase-file "$PASSPHRASE_FILE" --symmetric --output "envs/$SERVICE_NAME.env.gpg" "$ENV_FILE" - if [ $? -eq 0 ]; then - echo "$ENV_FILE encrypted successfully and moved to envs/$SERVICE_NAME.env.gpg" - else - echo "Failed to encrypt $ENV_FILE for $SERVICE_NAME. Exiting..." - exit 1 - fi + encrypt_env_file "$ENV_FILE" "$SERVICE_NAME" else echo "No .env file found in $service_dir, skipping..." fi done -echo "All services processed." + +# Encrypt .env files in the envs directory +for env_file in "$ENVS_DIR"/*.env; do + if [ -f "$env_file" ]; then + SERVICE_NAME=$(basename "$env_file" .env) + encrypt_env_file "$env_file" "$SERVICE_NAME" + else + echo "No .env files found in $ENVS_DIR." + fi +done + +echo "All .env files processed and encrypted." 
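Review bot: Both loops write to the same target, `$ENVS_DIR/${service_name}.env.gpg`, so when `services/NAME/.env` and `envs/NAME.env` both exist the second loop silently replaces the ciphertext from the first, because `encrypt_env_file` passes `--yes` to gpg. A guard in the `envs` loop before the call would make the conflict explicit, for example `if [ -f "$SERVICES_DIR/$SERVICE_NAME/.env" ]; then echo "Duplicate env source for $SERVICE_NAME, refusing to overwrite" >&2; exit 1; fi`. The new loop also expects plaintext `*.env` files to sit in `envs/` beside the committed `*.env.gpg` files; the ignore rules are not visible in this diff, so it is worth confirming that `envs/*.env` is excluded from version control. Separately, `service_dirs=($(ls -d "$SERVICES_DIR"/*/))` word-splits directory names containing whitespace, and `for service_dir in "$SERVICES_DIR"/*/; do` iterates the same directories without parsing `ls`.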
diff --git a/envs/account-postgres.env.gpg b/envs/account-postgres.env.gpg index 157b3073..566fc8f3 100644 --- a/envs/account-postgres.env.gpg +++ b/envs/account-postgres.env.gpg @@ -1 +1,2 @@ -�  ��(҂A�=�ҋ6Յ<� ��/��B�������翓�5��o���,�t�G�~�<�+��Y�T�/�X�:5�VT�ok�v+���2�(�"}bA�F�8'�BAc� �ZŠAV^��t�h��H�du��D�K�۵��`���Na�4�h \ No newline at end of file +�  �E�^f���ҋ�s�~���B1zL8&]^~�&9PZ�������cU��ats�p�Y�CK���&e1d����s�s/Q�6�����^)mza���R1m�6؀��RWH� +���>KJ�K�h�K�Z^\��su�Bg��c��d�a7� \ No newline at end of file diff --git a/envs/account.env.gpg b/envs/account.env.gpg index b223870d..a6259e9b 100644 Binary files a/envs/account.env.gpg and b/envs/account.env.gpg differ diff --git a/envs/currency.env.gpg b/envs/currency.env.gpg index 01304d9b..4b86f982 100644 Binary files a/envs/currency.env.gpg and b/envs/currency.env.gpg differ diff --git a/envs/ec2.env.gpg b/envs/ec2.env.gpg index 448d35e6..e9b40278 100644 Binary files a/envs/ec2.env.gpg and b/envs/ec2.env.gpg differ diff --git a/envs/item-mongo.env.gpg b/envs/item-mongo.env.gpg index 73d5ff3b..f297d5b2 100644 Binary files a/envs/item-mongo.env.gpg and b/envs/item-mongo.env.gpg differ diff --git a/envs/item.env.gpg b/envs/item.env.gpg index bcae00ad..52bd0303 100644 Binary files a/envs/item.env.gpg and b/envs/item.env.gpg differ diff --git a/envs/notification.env.gpg b/envs/notification.env.gpg index 061ab041..f9050470 100644 Binary files a/envs/notification.env.gpg and b/envs/notification.env.gpg differ diff --git a/envs/rabbitmq.env.gpg b/envs/rabbitmq.env.gpg index cb1f6a45..dec30f55 100644 Binary files a/envs/rabbitmq.env.gpg and b/envs/rabbitmq.env.gpg differ diff --git a/envs/web.env.gpg b/envs/web.env.gpg index 4f3f5ca5..2c0ffdee 100644 --- a/envs/web.env.gpg +++ b/envs/web.env.gpg 
@@ -1 +1,2 @@ -�  =:���7 ���p[(S�q!d�Fr���G�+�+R;)@{�C+���F�H��InT;ۈ�p���Re}��]*��h��z�"���+��9�I~Ⱥ����p��B�ڶ��=.�U�]GT� V \ No newline at end of file +�  �*�6�_��p����Xby���%��!�2ݚ�@⑤�8�|; ��zS��v���N��=x����?a�� +H�=q~w��������^����\�qGI�-�)UW��L!�q�9�$� �9� \ No newline at end of file diff --git a/envs/wishlist-mongo.env.gpg b/envs/wishlist-mongo.env.gpg index 718ebd7a..3cc1ae04 100644 --- a/envs/wishlist-mongo.env.gpg +++ b/envs/wishlist-mongo.env.gpg @@ -1,3 +1,2 @@ -�  ���]��u0�ҟ���k����jH�윍<�0u$O��@(��k��Ny75�������=F��*�`�޾��Z��ͣ�I��P\�t�����&qjl�n�j;�M��>�x)��tdwZ�[6��� -��S#[�R���pZH%:o��9n�;F�� � -6��A�>��;��� \ No newline at end of file +�  ֒�?�(�ҟt�~�7�>TI�T����R�85y�uIZ��Xz��'~Y�m����3_>����g|Dԩ +���0y}�,ir�⋕��w��:�7&u��C��� ��O�Y��k�Q�<�G^ygщ�/ "3<>���e�lp�ܫ���К�����q �mS�K \ No newline at end of file diff --git a/envs/wishlist.env.gpg b/envs/wishlist.env.gpg index 9b3919a8..4d10126e 100644 Binary files a/envs/wishlist.env.gpg and b/envs/wishlist.env.gpg differ diff --git a/helm/nshm/templates/wishlist-mongo/deployment.yaml b/helm/nshm/templates/wishlist-mongo/deployment.yaml index bb7bd8cd..96d78fe3 100644 --- a/helm/nshm/templates/wishlist-mongo/deployment.yaml +++ b/helm/nshm/templates/wishlist-mongo/deployment.yaml @@ -44,7 +44,7 @@ spec: volumeMounts: - name: init-script mountPath: /docker-entrypoint-initdb.d - subPath: services/wishlist/database/prod + subPath: services/wishlist/database/production volumes: - name: init-script