Add secure credential handling for FTP deployment
- Add GPG encryption for FTP credentials - Update deploy script to handle encrypted credentials - Add encryption script - Update .gitignore
This commit is contained in:
glenneth1
parent
8aef35df9a
commit
98bca71246
71
deploy.sh
71
deploy.sh
|
|
@ -1,5 +1,48 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Function to show usage
|
||||
show_usage() {
|
||||
echo "Usage: $0 [--ftp]"
|
||||
echo "Options:"
|
||||
echo " --ftp Upload to FTP server (requires .env.gpg file with encrypted credentials)"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Function to decrypt credentials
|
||||
decrypt_credentials() {
|
||||
if [ ! -f ".env.gpg" ]; then
|
||||
echo "Error: .env.gpg file not found!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Create a temporary file for decrypted credentials
|
||||
TEMP_ENV=$(mktemp)
|
||||
|
||||
# Decrypt the credentials
|
||||
if ! gpg --quiet --decrypt .env.gpg > "$TEMP_ENV"; then
|
||||
echo "Error: Failed to decrypt credentials!"
|
||||
rm "$TEMP_ENV"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Source the decrypted credentials
|
||||
source "$TEMP_ENV"
|
||||
|
||||
# Securely remove the temporary file
|
||||
rm "$TEMP_ENV"
|
||||
}
|
||||
|
||||
# Parse command line arguments
|
||||
USE_FTP=false
|
||||
while [[ "$#" -gt 0 ]]; do
|
||||
case $1 in
|
||||
--ftp) USE_FTP=true ;;
|
||||
-h|--help) show_usage ;;
|
||||
*) echo "Unknown parameter: $1"; show_usage ;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
# Ensure deploy directory structure exists
|
||||
mkdir -p deploy/content/posts
|
||||
|
||||
|
|
@ -44,3 +87,31 @@ cd ..
|
|||
echo "Deployment package created successfully!"
|
||||
echo "Your files are ready in the 'website-deploy.zip' file"
|
||||
echo "You can also find individual files in the 'deploy' directory"
|
||||
|
||||
# FTP Upload if requested
|
||||
if [ "$USE_FTP" = true ]; then
|
||||
# Decrypt and load credentials
|
||||
decrypt_credentials
|
||||
|
||||
if [ -z "$FTP_HOST" ] || [ -z "$FTP_USER" ] || [ -z "$FTP_PASS" ] || [ -z "$FTP_DIR" ]; then
|
||||
echo "Error: Missing FTP credentials!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if lftp is installed
|
||||
if ! command -v lftp &> /dev/null; then
|
||||
echo "Error: lftp is not installed. Please install it first."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Starting FTP upload..."
|
||||
lftp -c "
|
||||
set ssl:verify-certificate no;
|
||||
open -u $FTP_USER,$FTP_PASS $FTP_HOST;
|
||||
lcd deploy;
|
||||
cd $FTP_DIR;
|
||||
mirror -R --parallel=4 --verbose;
|
||||
bye"
|
||||
|
||||
echo "FTP upload completed!"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Check if .env exists
|
||||
if [ ! -f ".env" ]; then
|
||||
echo "Error: .env file not found!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Encrypt .env to .env.gpg
|
||||
gpg --symmetric --cipher-algo AES256 .env
|
||||
|
||||
# Check if encryption was successful
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Credentials encrypted successfully to .env.gpg"
|
||||
echo "You can now safely delete the original .env file"
|
||||
echo "To delete it, run: rm .env"
|
||||
else
|
||||
echo "Encryption failed!"
|
||||
fi
|
||||
Loading…
Reference in New Issue