Improve how secrets and stored and used (#907)

author: Harsh Shandilya <msfjarvis@gmail.com> 2020-07-01 14:29:30 +0530
committer: GitHub <noreply@github.com> 2020-07-01 14:29:30 +0530
commit: 83ba0a3ed56661c17b06b11fcb91c72b94f5974b (patch)
tree: 49711bc817827b9a15c5d46e0d6dc5531e231b98 /release/signing-setup.sh
parent: f49d9c35e68faafe01f475f7a7525fbed31838db (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/release/signing-setup.sh b/release/signing-setup.sh
index b60902ee..896a78b0 100755
--- a/release/signing-setup.sh
+++ b/release/signing-setup.sh
@@ -2,12 +2,14 @@
 
 ENCRYPT_KEY=$1
 
-if [[ -n "$ENCRYPT_KEY" ]]; then
-    # Decrypt Release key
-    openssl enc -aes-256-cbc -md sha256 -d -in release/keystore.cipher -out keystore.jks -k "${ENCRYPT_KEY}"
+declare -A SECRETS
+SECRETS[release/keystore.cipher]=keystore.jks
+SECRETS[release/props.cipher]=keystore.properties
 
-    # Decrypt signing config
-    openssl enc -aes-256-cbc -md sha256 -d -in release/props.cipher -out keystore.properties -k "${ENCRYPT_KEY}"
+if [[ -n "$ENCRYPT_KEY" ]]; then
+    for src in "${!SECRETS[@]}"; do
+      openssl enc -aes-256-cbc -md sha256 -pbkdf2 -d -in "${src}" -out "${SECRETS[${src}]}" -k "${ENCRYPT_KEY}"
+    done
 else
-    echo "ENCRYPT_KEY is empty"
+    echo "Usage: ./signing-setup.sh <encryption key>"
 fi
author	Harsh Shandilya <msfjarvis@gmail.com>	2020-07-01 14:29:30 +0530
committer	GitHub <noreply@github.com>	2020-07-01 14:29:30 +0530
commit	83ba0a3ed56661c17b06b11fcb91c72b94f5974b (patch)
tree	49711bc817827b9a15c5d46e0d6dc5531e231b98 /release/signing-setup.sh
parent	f49d9c35e68faafe01f475f7a7525fbed31838db (diff)