obsidian-support-scripts/encrypt.py


#
# Copyright © 2022 Maestro Creativescape
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Imports
import os
import shlex
import subprocess
from glob import glob
from pathlib import Path
from shutil import copytree, rmtree
from shutil import rmtree
from time import time

from git import Repo
# Working directory of this script and the directory one level above it; the
# parent directory is the tree that gets globbed and encrypted further down.
cwd = os.getcwd()
path = Path(cwd)
base_dir = str(path.parent.absolute())

# Blacklist, prevents handling these files altogether.
# NOTE: entries are compared with `in` against the relative path (a substring
# match), so ".git" also excludes e.g. ".github/" or ".gitignore", and any path
# that merely contains one of these strings is left out of the encrypted copy.
BLACKLIST = [".git", ".obsidian", ".idea", ".gitlab-ci.yml"]
# The directory that holds this script, expressed relative to base_dir.
BLACKLIST.append(cwd.split(base_dir + "/")[1])
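def _require_env(name):
    """Return the value of environment variable *name*; abort if it is unset or empty."""
    value = os.environ.get(name)
    if not value:
        # Stop before anything is encrypted or pushed. The message names the
        # variable only and never echoes a value.
        raise SystemExit(f"Required environment variable {name} is not set")
    return value


# Env vars to handle creds. All four are mandatory: os.environ.get() returns
# None for a missing variable, and None interpolated into an f-string becomes
# the literal text "None" (e.g. an encryption passphrase of "None").
enc_path = _require_env("ENCRYPTED_PATH")
enc_repo = _require_env("ENCRYPTED_REPO")
enc_key = _require_env("ENCRYPTION_KEY")
# presumably the path of the private key file, since it is passed to `ssh -i`
ssh_key = _require_env("SSH_SECRET_KEY")
# git runs GIT_SSH_COMMAND through a shell, so the key path is quoted to keep
# spaces or shell metacharacters in it from being interpreted.
git_ssh_cmd = f"ssh -i {shlex.quote(ssh_key)}"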
# Timestamp (whole seconds since the epoch), used later in the commit message
current_time = str(int(time()))

# Create our encrypted directory base: drop any leftover from a previous run,
# recreate it empty and make it the working directory.
# NOTE: rmtree() deletes whatever ENCRYPTED_PATH points at, so that variable
# must name a scratch directory and never the notes themselves.
if os.path.exists(enc_path):
    rmtree(enc_path)
os.mkdir(enc_path)
os.chdir(enc_path)

# Initialise the repo for our encrypted directory and add the remote
repo = Repo.init(enc_path)
remote_url = f"ssh://git@github.com/{enc_repo}.git"
repo.create_remote("origin", remote_url)
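# Glob the file list of "." starting files and non "." starting files.
# NOTE(review): glob's "**" does not appear to descend into dot-directories, so
# files that live inside a hidden directory are likely never listed; confirm
# that the encrypted copy really contains everything you expect to be backed up.
file_list = glob(base_dir + "/**/.*", recursive=True) + glob(
    base_dir + "/**/*", recursive=True
)

# Start going through the file list, and create all directories
for i in file_list:
    if not os.path.isdir(i):
        continue
    rel_path = i.split(base_dir + "/")[1]
    # Substring match against every blacklist entry (see BLACKLIST)
    if any(j in rel_path for j in BLACKLIST):
        continue
    # The dot-entries are listed first, so a hidden directory nested in a
    # regular one comes up before its parent. makedirs() creates the missing
    # parents and exist_ok tolerates the parent being visited again later;
    # a plain mkdir() would abort the run in both situations.
    os.makedirs(enc_path + "/" + rel_path, exist_ok=True)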
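# Use a subprocess to chacha20 encrypt everything, and push it to the requested directory.
#
# Security notes for whoever maintains this:
# - The passphrase is given to openssl as "env:ENCRYPTION_KEY", so openssl reads
#   it from the environment it inherits from this process. A "pass:<key>"
#   argument would put the key on the command line, where it is visible in the
#   process listing for as long as openssl runs.
# - "-iter" makes openssl derive the key with PBKDF2; 1000 rounds is low for a
#   passphrase. Raising it changes how the files must be decrypted, so the
#   decrypt side has to be changed at the same time.
# - "openssl enc" adds no integrity protection: the chacha20 ciphertext can be
#   modified in the remote repository without that being detected on decrypt.
# - Only file contents are encrypted. rel_path is reused for the output, so
#   file names and the directory layout are stored in clear text.
if not os.environ.get("ENCRYPTION_KEY"):
    # Refuse to encrypt with a missing or empty passphrase.
    raise SystemExit("Required environment variable ENCRYPTION_KEY is not set")

for i in file_list:
    rel_path = i.split(base_dir + "/")[1]
    if os.path.isdir(i):
        continue
    # Substring match against every blacklist entry (see BLACKLIST)
    if any(j in rel_path for j in BLACKLIST):
        continue
    # check=True: a failed openssl run raises CalledProcessError instead of
    # leaving a missing or truncated file in the directory that is pushed next.
    subprocess.run(
        [
            "openssl",
            "enc",
            "-chacha20",
            "-base64",
            "-salt",
            "-iter",
            "1000",
            "-pass",
            "env:ENCRYPTION_KEY",
            "-md",
            "sha512",
            "-in",
            i,
            "-out",
            enc_path + "/" + rel_path,
        ],
        check=True,
    )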
# Add, commit and push it all: stage everything that was written, record a
# single commit and force-push it to master on the remote. The repository was
# freshly initialised above, so the force push replaces the remote history.
repo.git.add(".")
commit_message = f"Commit as of {current_time}"
repo.index.commit(commit_message)
# The ssh command (with the key given via -i) is passed to git for this push only
push_env = {"GIT_SSH_COMMAND": git_ssh_cmd}
repo.git.push("origin", "master", force=True, env=push_env)

# Cleanup once you are done
rmtree(enc_path)