plyint / encpass.sh
Lightweight solution for using encrypted passwords in shell scripts
License: MIT License
Hello @ahnick,
Hope you are doing well. We are trying to use encpass in centos v 6.5. But we are facing some errors. Could you please suggest what went wrong?
[eretail@eretailapp01 DO_NOT_DELETE]$ . encpass.sh
basename: invalid option -- 'b'
Try `basename --help' for more information.
[eretail@eretailapp01 DO_NOT_DELETE]$ ll
total 52
-rwxr-xr-x 1 eretail eretail 47467 Jun 23 13:11 encpass.sh
-rwxr-xr-x 1 eretail eretail 1349 Jun 3 10:13 start_services.sh
[eretail@eretailapp01 DO_NOT_DELETE]$ cat /etc/*release
CentOS release 6.5 (Final)
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
[eretail@eretailapp01 DO_NOT_DELETE]$
Running encpass.sh lock on macOS aborts with the following error:
Enter Password to lock keys:
Confirm Password:
Locking key bucket1...
usage: enc -ciphername [-AadePp] [-base64] [-bufsize number] [-debug]
[-in file] [-iv IV] [-K key] [-k password]
[-kfile file] [-md digest] [-none] [-nopad] [-nosalt]
[-out file] [-pass arg] [-S salt] [-salt]
-A Process base64 data on one line (requires -a)
-a Perform base64 encoding/decoding (alias -base64)
-bufsize size Specify the buffer size to use for I/O
-d Decrypt the input data
-debug Print debugging information
-e Encrypt the input data (default)
-in file Input file to read from (default stdin)
-iv IV IV to use, specified as a hexadecimal string
-K key Key to use, specified as a hexadecimal string
-md digest Digest to use to create a key from the passphrase
-none Use NULL cipher (no encryption or decryption)
-nopad Disable standard block padding
-out file Output file to write to (default stdout)
-P Print out the salt, key and IV used, then exit
(no encryption or decryption is performed)
-p Print out the salt, key and IV used
-pass source Password source
-S salt Salt to use, specified as a hexadecimal string
-salt Use a salt in the key derivation routines (default)
-v Verbose
Valid ciphername values:
-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-cfb
-aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr
-aes-128-ecb -aes-128-gcm -aes-128-ofb
-aes-128-xts -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-gcm -aes-192-ofb
-aes-256-cbc -aes-256-cbc-hmac-sha1 -aes-256-cfb
-aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr
-aes-256-ecb -aes-256-gcm -aes-256-ofb
-aes-256-xts -aes128 -aes192
-aes256 -bf -bf-cbc
-bf-cfb -bf-ecb -bf-ofb
-blowfish -camellia-128-cbc -camellia-128-cfb
-camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb
-camellia-192-ofb -camellia-256-cbc -camellia-256-cfb
-camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb
-camellia-256-ofb -camellia128 -camellia192
-camellia256 -cast -cast-cbc
-cast5-cbc -cast5-cfb -cast5-ecb
-cast5-ofb -chacha -des
-des-cbc -des-cfb -des-cfb1
-des-cfb8 -des-ecb -des-ede
-des-ede-cbc -des-ede-cfb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb
-des-ofb -des3 -desx
-desx-cbc -gost89 -gost89-cnt
-gost89-ecb -id-aes128-GCM -id-aes192-GCM
-id-aes256-GCM -rc2 -rc2-40-cbc
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -rc4-hmac-md5
Error: The key fle and/or lock file were not found as expected for key bucket1.
Locked 0 keys.
Hey @ahnick
Thank you for creating such a nice solution. I used it around 1 year ago but forgot how to save a password in a bucket or as a standalone. Nor could I find any such direction anywhere. Could you please share the commands to create a password? Because I only know how to fetch the password.
a small problem anyhow
I removed all - download encpass.sh again and did
[dbadmin@luechdb61 scripts]$ ./encpass.sh add db2Deploy.sh dbllua2
Adding secret "dbllua2" to bucket "db2Deploy.sh"...
Enter dbllua2:
Confirm dbllua2:
repeated for different users
retrieve : ok
[dbadmin@luechdb61 scripts]$ ./encpass.sh show
db2Deploy.sh:
dbllua1 = 9iOU0TBSXafvqKnH037c
dbllua2 = wwxICOwW0HJkjzrez49P
dbllud1 = VCYzqhvc8C1XMW6Uvfzc
dbllud2 = TgdTi4WJec3x55J17AwF
but when using
[dbadmin@luechdb61 scripts]$ get_secret db2Deploy.sh dbllua2
basename: invalid option -- 'b'
Try 'basename --help' for more information.
wwxICOwW0HJkjzrez49P
the password is correct but it is complaining about basename
is this correct, or only valid if called from db2Deploy.sh?
best regards, Guy
when I use encpass from command line : no problem
#!/bin/sh
label=$1
# load the encpass.sh functions into this shell
. ./encpass.sh
password=$(get_secret "$label")
echo "passw $password"
[dbadmin@luechdb61 scripts]$ ./secret.sh dbllud1
passw VCYzqhvc8C1XMW6Uvfzc
[dbadmin@luechdb61 scripts]$ ./secret.sh dbllud2
passw TgdTi4WJec3x55J17AwF
password is correctly retrieved
now I call it from another script
......
usr_name=$(echo ${server_name} |cut -d ':' -f3)
echo "handling script_name ${Scr_nme} for server_name : ${srv_name=} dbname : ${db_name} "
. ./encpass.sh
password=$(get_secret ${usr_name})
....
in this case : I also echoed the input and is correct
but get_secret does not recognize this and wants to create a new entry although the entry is correctly displayed
[dbadmin@luechdb61 scripts]$ ./db2Deploy.sh -s scr.sql -m deploy.lst -e d
handling script_name scr.sql for server_name : luechdb61 dbname : IEEINT
xdbllud1x <--- echo from script x${usr_name}x
Enter dbllud1:
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
what could be the reason for this?
thanks for all answers
best regards, Guy
Secrets don't properly get exported on Ubuntu 20.04. I'm having trouble exporting them without having to enter them again on Ubuntu, on both different servers and the same server as root.
The man command in macOS doesn't support the -l option.
$ encpass.sh help
man: invalid option -- l
man, version 1.6g
usage: man [-adfhktwW] [section] [-M path] [-P pager] [-S list]
[-m system] [-p string] name ...
there is a gold standard for this which integrates directly with git
https://www.passwordstore.org
good luck!
Thanks for the useful (and well thought out) tool.
Key files are named per the originating script. If the user has named that script as a dot file, encpass.sh will name the key file as such. When using the lock and unlock function, they do not match dot files. A quick fix that worked for me was to add shopt -s dotglob to the top of the encpass.sh script. There are probably better ways to do this.
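Added example, not part of the post above and not encpass.sh's own code: a bare `*` glob skips names that begin with a dot, which is the mismatch the post describes, and the two extra POSIX patterns below pick those names up without relying on bash's `dotglob`. The key directory and file names are constructed for the demonstration, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not encpass.sh code. Paths and file names are constructed.

# list_plain DIR
# What a bare "*" glob sees: entries whose name starts with "." are skipped.
list_plain() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue      # an unmatched pattern stays literal
        printf '%s\n' "${f##*/}"
    done
}

# list_with_dotfiles DIR
# Same walk plus the two POSIX patterns that cover dot names while
# still excluding "." and "..".
list_with_dotfiles() {
    for f in "$1"/* "$1"/.[!.]* "$1"/..?*; do
        [ -e "$f" ] || continue
        printf '%s\n' "${f##*/}"
    done
}

# demo_counts
# Builds a throwaway directory holding one normal and one dot-named key
# file and prints "<seen by *> <seen with dot patterns>".
demo_counts() {
    d=$(mktemp -d) || return 1
    : > "$d/deploy.sh.key"
    : > "$d/.nightly.sh.key"
    plain=$(list_plain "$d" | wc -l)
    full=$(list_with_dotfiles "$d" | wc -l)
    rm -rf "$d"
    echo "$((plain)) $((full))"
}
```

A lock or unlock loop built on the first form leaves the dot-named key file untouched, so it stays unencrypted while the run reports success for everything it did see.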
With the newest changes, the get_secret param1 param2 function we're using is confusing.
Current behavior:
If I put get_secret param1 I will get secret param1 for label of current script name
If I put get_secret param1 param2 I will get secret param2 for label param1
If I put get_secret (without parameters) I will get secret "password" and label script name
The meaning of param1 and param2 changes depending on the number of parameters.
Positional parameters should always mean the same. Since this function is used by programmers we should require all parameters. This way it is always clear what password you're getting/setting. Default settings could be set for command line interface users.
if [ ! -z $1 ] && [ ! -z $2 ]; then
LABEL=$1
SECRET_NAME=$2
elif [ ! -z $1 ]; then
LABEL=$(basename $0)
SECRET_NAME=$1
...
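Added example, not part of any post above and not encpass.sh's own code: `basename` parses an argument that begins with `-` as options, and `$0` is `-bash` in a bash login shell, so an unquoted `basename $0` like the one in the snippet above prints `invalid option -- 'b'` when run from an interactive session. The sketch derives the label without `basename`, mirrors the argument handling described in the issue, and sets a strict variant beside it; all function names are hypothetical, and stripping the leading dash is an assumption.

```sh
#!/bin/sh
# Added example, not encpass.sh code. Function names are hypothetical.

# label_from_argv0 ARGV0
# File-name part of ARGV0 via parameter expansion, so "-bash" (the value of
# $0 in a bash login shell) is never handed to basename as an option string.
label_from_argv0() {
    label=${1##*/}       # strip any directory part
    label=${label#-}     # assumption: drop the login-shell marker dash
    [ -n "$label" ] || return 1
    printf '%s\n' "$label"
}

# legacy_resolve ARGV0 [ARG...]
# Mirrors the behaviour described in the issue: what the first argument
# means depends on how many arguments follow it.
legacy_resolve() {
    argv0=$1; shift
    if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
        printf '%s\t%s\n' "$1" "$2"
    elif [ -n "${1:-}" ]; then
        printf '%s\t%s\n' "$(label_from_argv0 "$argv0")" "$1"
    else
        printf '%s\t%s\n' "$(label_from_argv0 "$argv0")" password
    fi
}

# strict_resolve BUCKET NAME
# Both positions are mandatory and always mean the same thing; status 2
# signals a usage error instead of silently guessing a bucket.
strict_resolve() {
    if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: strict_resolve BUCKET NAME" >&2
        return 2
    fi
    printf '%s\t%s\n' "$1" "$2"
}
```

With the legacy form, the same secret name resolves to a different bucket depending on which script (or interactive shell) calls it; the strict form fails instead of picking one.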