38 lines
956 B
Bash
38 lines
956 B
Bash
#!/bin/bash
|
|
|
|
echo "Push secrets to storage of secrets on SERVER_ORIGIN_DOMAIN..."
|
|
|
|
if [ "$(id -u)" != "0" ]; then
|
|
echo -e "\033[31mThis script requires superuser rights.\033[0m"
|
|
exit 0
|
|
fi
|
|
|
|
if [ -z "$1" ]; then
|
|
echo "Usage: $0 <REMOTE_SERVER_HOST>"
|
|
exit 1
|
|
fi
|
|
|
|
REMOTE_SERVER_HOST=$1
|
|
SAFE_DIR="/data/secrets/safe"
|
|
ARCHIVE_FILE="$SAFE_DIR/$REMOTE_SERVER_HOST.tar.gz"
|
|
REMOTE_USER="root"
|
|
SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env
|
|
|
|
trap 'echo -e "\033[31msecrets-push.sh: Something went wrong\033[0m"; exit 1' ERR
|
|
set -e
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
source $SECRETS_PATH
|
|
|
|
echo "Encrypt secrets..."
|
|
bash secrets-encrypt.sh $REMOTE_SERVER_HOST
|
|
|
|
echo "Create SAFE_DIR on ORIGIN server..."
|
|
ssh $REMOTE_USER@$SERVER_ORIGIN_DOMAIN "mkdir -p $SAFE_DIR"
|
|
|
|
echo "Save archive on ORIGIN server safe..."
|
|
scp $ARCHIVE_FILE $REMOTE_USER@$SERVER_ORIGIN_DOMAIN:$SAFE_DIR
|
|
|
|
trap - ERR
|
|
echo "Secrets for $REMOTE_SERVER_HOST pushed complete" |