Add secure credential handling for FTP deployment
- Add GPG encryption for FTP credentials - Update deploy script to handle encrypted credentials - Add encryption script - Update .gitignore
parent
8aef35df9a
commit
98bca71246
71
deploy.sh
71
deploy.sh
|
|
@ -1,5 +1,48 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Function to show usage
|
||||||
|
show_usage() {
|
||||||
|
echo "Usage: $0 [--ftp]"
|
||||||
|
echo "Options:"
|
||||||
|
echo " --ftp Upload to FTP server (requires .env.gpg file with encrypted credentials)"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Function to decrypt credentials
|
||||||
|
decrypt_credentials() {
|
||||||
|
if [ ! -f ".env.gpg" ]; then
|
||||||
|
echo "Error: .env.gpg file not found!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create a temporary file for decrypted credentials
|
||||||
|
TEMP_ENV=$(mktemp)
|
||||||
|
|
||||||
|
# Decrypt the credentials
|
||||||
|
if ! gpg --quiet --decrypt .env.gpg > "$TEMP_ENV"; then
|
||||||
|
echo "Error: Failed to decrypt credentials!"
|
||||||
|
rm "$TEMP_ENV"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Source the decrypted credentials
|
||||||
|
source "$TEMP_ENV"
|
||||||
|
|
||||||
|
# Securely remove the temporary file
|
||||||
|
rm "$TEMP_ENV"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Parse command line arguments
|
||||||
|
USE_FTP=false
|
||||||
|
while [[ "$#" -gt 0 ]]; do
|
||||||
|
case $1 in
|
||||||
|
--ftp) USE_FTP=true ;;
|
||||||
|
-h|--help) show_usage ;;
|
||||||
|
*) echo "Unknown parameter: $1"; show_usage ;;
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
# Ensure deploy directory structure exists
|
# Ensure deploy directory structure exists
|
||||||
mkdir -p deploy/content/posts
|
mkdir -p deploy/content/posts
|
||||||
|
|
||||||
|
|
@ -44,3 +87,31 @@ cd ..
|
||||||
echo "Deployment package created successfully!"
|
echo "Deployment package created successfully!"
|
||||||
echo "Your files are ready in the 'website-deploy.zip' file"
|
echo "Your files are ready in the 'website-deploy.zip' file"
|
||||||
echo "You can also find individual files in the 'deploy' directory"
|
echo "You can also find individual files in the 'deploy' directory"
|
||||||
|
|
||||||
|
# FTP Upload if requested
|
||||||
|
if [ "$USE_FTP" = true ]; then
|
||||||
|
# Decrypt and load credentials
|
||||||
|
decrypt_credentials
|
||||||
|
|
||||||
|
if [ -z "$FTP_HOST" ] || [ -z "$FTP_USER" ] || [ -z "$FTP_PASS" ] || [ -z "$FTP_DIR" ]; then
|
||||||
|
echo "Error: Missing FTP credentials!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if lftp is installed
|
||||||
|
if ! command -v lftp &> /dev/null; then
|
||||||
|
echo "Error: lftp is not installed. Please install it first."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Starting FTP upload..."
|
||||||
|
lftp -c "
|
||||||
|
set ssl:verify-certificate no;
|
||||||
|
open -u $FTP_USER,$FTP_PASS $FTP_HOST;
|
||||||
|
lcd deploy;
|
||||||
|
cd $FTP_DIR;
|
||||||
|
mirror -R --parallel=4 --verbose;
|
||||||
|
bye"
|
||||||
|
|
||||||
|
echo "FTP upload completed!"
|
||||||
|
fi
|
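Review bot: The lftp block in the second hunk sets `ssl:verify-certificate no`, so the credentials this commit encrypts at rest are then sent to whichever host answers, without authenticating it. The same block interpolates `$FTP_PASS` into the `lftp -c "…"` argument, where it is visible in the process list and where a comma, space or semicolon in any of the values changes how lftp parses the command. I would keep verification on (pointing `ssl:ca-file` at the server's CA if the certificate is self-signed), pass the password through `LFTP_PASSWORD` with `open --env-password`, feed the commands on stdin, and check lftp's exit status before printing "FTP upload completed!". In the first hunk, `decrypt_credentials` leaves the plaintext in a `mktemp` file with no `trap` for interrupted runs, and the plain `rm` there is not the secure removal its comment claims.

```shell
# … unchanged: credential and lftp presence checks …
echo "Starting FTP upload..."
# The password travels in the environment and the commands on stdin,
# so neither appears in lftp's argv.
if ! LFTP_PASSWORD="$FTP_PASS" lftp <<EOF
set cmd:fail-exit true
set ssl:verify-certificate yes
set ftp:ssl-force true
open --env-password -u "$FTP_USER" "$FTP_HOST"
lcd deploy
cd "$FTP_DIR"
mirror -R --parallel=4 --verbose
bye
EOF
then
echo "Error: FTP upload failed!" >&2
exit 1
fi
```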
||||||
|
|
|
||||||
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Check if .env exists
|
||||||
|
if [ ! -f ".env" ]; then
|
||||||
|
echo "Error: .env file not found!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Encrypt .env to .env.gpg
|
||||||
|
gpg --symmetric --cipher-algo AES256 .env
|
||||||
|
|
||||||
|
# Check if encryption was successful
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
echo "Credentials encrypted successfully to .env.gpg"
|
||||||
|
echo "You can now safely delete the original .env file"
|
||||||
|
echo "To delete it, run: rm .env"
|
||||||
|
else
|
||||||
|
echo "Encryption failed!"
|
||||||
|
fi
|
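Review bot: The failure branch at the end of this new script only prints "Encryption failed!" and falls through, so the script exits 0 and a caller cannot tell that no `.env.gpg` was produced. Testing the command directly with `if gpg --symmetric --cipher-algo AES256 .env; then` and adding `exit 1` in the `else` branch fixes that and removes the `$?` indirection. The success message recommends `rm .env`, which unlinks the plaintext without overwriting it, so the message should not describe this as safe disposal of the password. A short header comment would also help, stating that in symmetric mode the passphrase is the only protection for `.env.gpg`.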
||||||