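# Decrypt env/production/.env.zip.enc.aws with AWS KMS (region ca-central-1) and
# unpack the archive in env/production, overwriting files already there.
# The output is plaintext secrets, so umask 077 and the final chmod keep
# .env.zip and .env readable by the invoking user only.
# If the KMS call fails, the pipeline still writes an empty .env.zip (the shell
# reports only base64's status); unzip is then expected to reject it.
# .env.zip stays on disk afterwards and must stay out of version control.
.PHONY: decrypt-production
decrypt-production:
	@cd env/production &&\
	umask 077 &&\
	aws kms decrypt --ciphertext-blob fileb://.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .env.zip &&\
	unzip -o .env.zip &&\
	chmod 600 .env.zip .env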
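# Decrypt env/staging/.env.zip.enc.aws with AWS KMS (region ca-central-1) and
# unpack the archive in env/staging, overwriting files already there.
# The output is plaintext secrets, so umask 077 and the final chmod keep
# .env.zip and .env readable by the invoking user only.
# If the KMS call fails, the pipeline still writes an empty .env.zip (the shell
# reports only base64's status); unzip is then expected to reject it.
# .env.zip stays on disk afterwards and must stay out of version control.
.PHONY: decrypt-staging
decrypt-staging:
	@cd env/staging &&\
	umask 077 &&\
	aws kms decrypt --ciphertext-blob fileb://.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .env.zip &&\
	unzip -o .env.zip &&\
	chmod 600 .env.zip .env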
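# Decrypt env/dev/.env.zip.enc.aws with AWS KMS (region ca-central-1) and
# unpack the archive in env/dev, overwriting files already there.
# The output is plaintext secrets, so umask 077 and the final chmod keep
# .env.zip and .env readable by the invoking user only.
# If the KMS call fails, the pipeline still writes an empty .env.zip (the shell
# reports only base64's status); unzip is then expected to reject it.
# .env.zip stays on disk afterwards and must stay out of version control.
.PHONY: decrypt-dev
decrypt-dev:
	@cd env/dev &&\
	umask 077 &&\
	aws kms decrypt --ciphertext-blob fileb://.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .env.zip &&\
	unzip -o .env.zip &&\
	chmod 600 .env.zip .env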
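# Decrypt env/sandbox/.env.zip.enc.aws with AWS KMS (region ca-central-1) and
# unpack the archive in env/sandbox, overwriting files already there.
# The output is plaintext secrets, so umask 077 and the final chmod keep
# .env.zip and .env readable by the invoking user only.
# If the KMS call fails, the pipeline still writes an empty .env.zip (the shell
# reports only base64's status); unzip is then expected to reject it.
# .env.zip stays on disk afterwards and must stay out of version control.
.PHONY: decrypt-sandbox
decrypt-sandbox:
	@cd env/sandbox &&\
	umask 077 &&\
	aws kms decrypt --ciphertext-blob fileb://.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .env.zip &&\
	unzip -o .env.zip &&\
	chmod 600 .env.zip .env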
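# Decrypt env/scratch/.env.zip.enc.aws with AWS KMS (region ca-central-1) and
# unpack the archive in env/scratch, overwriting files already there.
# The output is plaintext secrets, so umask 077 and the final chmod keep
# .env.zip and .env readable by the invoking user only.
# If the KMS call fails, the pipeline still writes an empty .env.zip (the shell
# reports only base64's status); unzip is then expected to reject it.
# .env.zip stays on disk afterwards and must stay out of version control.
.PHONY: decrypt-scratch
decrypt-scratch:
	@cd env/scratch &&\
	umask 077 &&\
	aws kms decrypt --ciphertext-blob fileb://.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .env.zip &&\
	unzip -o .env.zip &&\
	chmod 600 .env.zip .env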
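# Decrypt env/production/.env.enc.aws, where the .env file is encrypted directly
# with AWS KMS rather than zipped first, and write it to env/production/.env.
# Piping aws straight into base64 hid a failed KMS call (the shell reports only
# the last command's status) and left an empty .env with exit status 0. The
# output is therefore staged in temp files and moved into place only after both
# steps succeed; the EXIT trap removes the temp files on any outcome.
# umask 077 keeps the plaintext readable by the invoking user only.
.PHONY: decrypt-production-orig
decrypt-production-orig:
	@cd env/production &&\
	umask 077 &&\
	trap 'rm -f .env.b64.tmp .env.tmp' EXIT &&\
	aws kms decrypt --ciphertext-blob fileb://.env.enc.aws --output text --query Plaintext --region ca-central-1 > .env.b64.tmp &&\
	base64 --decode < .env.b64.tmp > .env.tmp &&\
	mv -f .env.tmp .env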
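# Decrypt env/staging/.env.enc.aws, where the .env file is encrypted directly
# with AWS KMS rather than zipped first, and write it to env/staging/.env.
# Piping aws straight into base64 hid a failed KMS call (the shell reports only
# the last command's status) and left an empty .env with exit status 0. The
# output is therefore staged in temp files and moved into place only after both
# steps succeed; the EXIT trap removes the temp files on any outcome.
# umask 077 keeps the plaintext readable by the invoking user only.
.PHONY: decrypt-staging-orig
decrypt-staging-orig:
	@cd env/staging &&\
	umask 077 &&\
	trap 'rm -f .env.b64.tmp .env.tmp' EXIT &&\
	aws kms decrypt --ciphertext-blob fileb://.env.enc.aws --output text --query Plaintext --region ca-central-1 > .env.b64.tmp &&\
	base64 --decode < .env.b64.tmp > .env.tmp &&\
	mv -f .env.tmp .env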
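# Decrypt the staging bundle as committed on origin/main into
# env/staging/.previous.env, for comparison with the working-tree version.
# origin/main is read from the local object database, so it is only as current
# as the last fetch.
# The .env entry is streamed out of the archive with `unzip -p` instead of being
# extracted as .env and renamed: the old form overwrote any working .env, and
# raced with decrypt-staging on that file under `make -j`.
# umask 077 keeps newly created plaintext files private to the invoking user.
.PHONY: decrypt-previous-staging
decrypt-previous-staging:
	@cd env/staging &&\
	umask 077 &&\
	git cat-file blob origin/main:env/staging/.env.zip.enc.aws > .previous.env.zip.enc.aws &&\
	aws kms decrypt --ciphertext-blob fileb://.previous.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .previous.env.zip &&\
	unzip -p .previous.env.zip .env > .previous.env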
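# Decrypt the production bundle as committed on origin/main into
# env/production/.previous.env, for comparison with the working-tree version.
# origin/main is read from the local object database, so it is only as current
# as the last fetch.
# The .env entry is streamed out of the archive with `unzip -p` instead of being
# extracted as .env and renamed: the old form overwrote any working .env, and
# raced with decrypt-production on that file under `make -j`.
# umask 077 keeps newly created plaintext files private to the invoking user.
.PHONY: decrypt-previous-production
decrypt-previous-production:
	@cd env/production &&\
	umask 077 &&\
	git cat-file blob origin/main:env/production/.env.zip.enc.aws > .previous.env.zip.enc.aws &&\
	aws kms decrypt --ciphertext-blob fileb://.previous.env.zip.enc.aws --output text --query Plaintext --region ca-central-1 | base64 --decode > .previous.env.zip &&\
	unzip -p .previous.env.zip .env > .previous.env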
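# Fail if any line (key) of the origin/main staging .env is missing from the
# working-tree one. Values are replaced with "<hidden>" first, so lines are
# compared by key only; diff emits just the old-side lines and the count must be 0.
# Side effect: .env and .previous.env are left REDACTED in place. Re-run
# decrypt-staging before using or re-encrypting .env.
# sed -i.bak leaves .env.bak and .previous.env.bak holding the unredacted
# secrets; they are removed by name so a glob can never miss them.
.PHONY: check-staging
check-staging: decrypt-previous-staging decrypt-staging
	@cd env/staging &&\
	sed -i.bak 's/=.*/=<hidden>/' .env &&\
	sed -i.bak 's/=.*/=<hidden>/' .previous.env &&\
	rm -f .env.bak .previous.env.bak &&\
	diff -wB --old-line-format='-%L' --new-line-format='' --unchanged-line-format='' .previous.env .env | wc -l | xargs test 0 -eq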
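# Fail if any line (key) of the origin/main production .env is missing from the
# working-tree one. Values are replaced with "<hidden>" first, so lines are
# compared by key only; diff emits just the old-side lines and the count must be 0.
# Side effect: .env and .previous.env are left REDACTED in place. Re-run
# decrypt-production before using or re-encrypting .env.
# sed -i.bak leaves .env.bak and .previous.env.bak holding the unredacted
# secrets. The previous `rm *.bak` could not match them (a shell `*` skips
# dotfiles), so the recipe failed at rm and left those plaintext backups on
# disk. They are now removed by name.
.PHONY: check-production
check-production: decrypt-previous-production decrypt-production
	@cd env/production &&\
	sed -i.bak 's/=.*/=<hidden>/' .env &&\
	sed -i.bak 's/=.*/=<hidden>/' .previous.env &&\
	rm -f .env.bak .previous.env.bak &&\
	diff -wB --old-line-format='-%L' --new-line-format='' --unchanged-line-format='' .previous.env .env | wc -l | xargs test 0 -eq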
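# Print a plain diff between the origin/main staging .env and the working-tree one.
# The output contains secret VALUES in clear text: run it on a trusted terminal
# only, never where stdout is captured (CI logs, shared sessions).
# diff exits 1 when the files differ, so make reports an error in that case.
.PHONY: diff-staging
diff-staging: decrypt-previous-staging decrypt-staging
	@cd env/staging &&\
	diff .previous.env .env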
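# Print a plain diff between the origin/main production .env and the working-tree one.
# The output contains secret VALUES in clear text: run it on a trusted terminal
# only, never where stdout is captured (CI logs, shared sessions).
# diff exits 1 when the files differ, so make reports an error in that case.
.PHONY: diff-production
diff-production: decrypt-previous-production decrypt-production
	@cd env/production &&\
	diff .previous.env .env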
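# Diff the directly-encrypted (non-zip) production .env from origin/main against
# the current .env produced by decrypt-production.
# NOTE(review): the prerequisite is the zip-format decrypt, not
# decrypt-production-orig. Confirm that cross-format comparison is intended.
# The previous version is staged in temp files and moved into place only after
# aws and base64 both succeed. With the old pipe, a failed KMS call produced an
# empty .previous.env and the diff then showed every line as new.
# The diff prints secret values in clear text: keep it off captured logs.
.PHONY: diff-production-orig
diff-production-orig: decrypt-production
	@cd env/production &&\
	umask 077 &&\
	trap 'rm -f .previous.env.b64.tmp .previous.env.tmp' EXIT &&\
	git cat-file blob origin/main:env/production/.env.enc.aws > .previous.env.enc.aws &&\
	aws kms decrypt --ciphertext-blob fileb://.previous.env.enc.aws --output text --query Plaintext --region ca-central-1 > .previous.env.b64.tmp &&\
	base64 --decode < .previous.env.b64.tmp > .previous.env.tmp &&\
	mv -f .previous.env.tmp .previous.env &&\
	diff .previous.env .env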
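# Diff the directly-encrypted (non-zip) staging .env from origin/main against
# the current .env produced by decrypt-staging.
# NOTE(review): the prerequisite is the zip-format decrypt, not
# decrypt-staging-orig. Confirm that cross-format comparison is intended.
# The previous version is staged in temp files and moved into place only after
# aws and base64 both succeed. With the old pipe, a failed KMS call produced an
# empty .previous.env and the diff then showed every line as new.
# The diff prints secret values in clear text: keep it off captured logs.
.PHONY: diff-staging-orig
diff-staging-orig: decrypt-staging
	@cd env/staging &&\
	umask 077 &&\
	trap 'rm -f .previous.env.b64.tmp .previous.env.tmp' EXIT &&\
	git cat-file blob origin/main:env/staging/.env.enc.aws > .previous.env.enc.aws &&\
	aws kms decrypt --ciphertext-blob fileb://.previous.env.enc.aws --output text --query Plaintext --region ca-central-1 > .previous.env.b64.tmp &&\
	base64 --decode < .previous.env.b64.tmp > .previous.env.tmp &&\
	mv -f .previous.env.tmp .previous.env &&\
	diff .previous.env .env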
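# Zip env/production/.env and encrypt the archive with the production KMS key,
# producing env/production/.env.zip.enc.aws, the file that gets committed.
# Presumably the zip step keeps the payload under KMS's direct-encrypt size
# limit; confirm before removing it.
# `zip` updates an existing .env.zip in place, so stale entries in it survive.
# The ciphertext is staged in temp files and moved into place only after aws
# and base64 both succeed. With the old pipe, a failed KMS call silently
# replaced the committed ciphertext with an empty file and still exited 0.
# The subshell umask keeps a newly created plaintext .env.zip private.
.PHONY: encrypt-production
encrypt-production:
	cd env/production &&\
	trap 'rm -f .env.zip.enc.aws.b64.tmp .env.zip.enc.aws.tmp' EXIT &&\
	( umask 077 && zip .env.zip .env ) &&\
	aws kms encrypt --key-id e9461cc1-4524-4b50-b6e6-583013da2904 --plaintext fileb://.env.zip --output text --query CiphertextBlob --region ca-central-1 > .env.zip.enc.aws.b64.tmp &&\
	base64 --decode < .env.zip.enc.aws.b64.tmp > .env.zip.enc.aws.tmp &&\
	mv -f .env.zip.enc.aws.tmp .env.zip.enc.aws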
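# Zip env/staging/.env and encrypt the archive with the staging KMS key,
# producing env/staging/.env.zip.enc.aws, the file that gets committed.
# Presumably the zip step keeps the payload under KMS's direct-encrypt size
# limit; confirm before removing it.
# `zip` updates an existing .env.zip in place, so stale entries in it survive.
# The ciphertext is staged in temp files and moved into place only after aws
# and base64 both succeed. With the old pipe, a failed KMS call silently
# replaced the committed ciphertext with an empty file and still exited 0.
# The subshell umask keeps a newly created plaintext .env.zip private.
.PHONY: encrypt-staging
encrypt-staging:
	cd env/staging &&\
	trap 'rm -f .env.zip.enc.aws.b64.tmp .env.zip.enc.aws.tmp' EXIT &&\
	( umask 077 && zip .env.zip .env ) &&\
	aws kms encrypt --key-id a92df413-fc30-4f3e-8047-7433e1a8ad02 --plaintext fileb://.env.zip --output text --query CiphertextBlob --region ca-central-1 > .env.zip.enc.aws.b64.tmp &&\
	base64 --decode < .env.zip.enc.aws.b64.tmp > .env.zip.enc.aws.tmp &&\
	mv -f .env.zip.enc.aws.tmp .env.zip.enc.aws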
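# Zip env/dev/.env and encrypt the archive with the dev KMS key,
# producing env/dev/.env.zip.enc.aws, the file that gets committed.
# Presumably the zip step keeps the payload under KMS's direct-encrypt size
# limit; confirm before removing it.
# `zip` updates an existing .env.zip in place, so stale entries in it survive.
# The ciphertext is staged in temp files and moved into place only after aws
# and base64 both succeed. With the old pipe, a failed KMS call silently
# replaced the committed ciphertext with an empty file and still exited 0.
# The subshell umask keeps a newly created plaintext .env.zip private.
.PHONY: encrypt-dev
encrypt-dev:
	cd env/dev &&\
	trap 'rm -f .env.zip.enc.aws.b64.tmp .env.zip.enc.aws.tmp' EXIT &&\
	( umask 077 && zip .env.zip .env ) &&\
	aws kms encrypt --key-id a48012af-07a2-419d-8200-a1a8a2378ecf --plaintext fileb://.env.zip --output text --query CiphertextBlob --region ca-central-1 > .env.zip.enc.aws.b64.tmp &&\
	base64 --decode < .env.zip.enc.aws.b64.tmp > .env.zip.enc.aws.tmp &&\
	mv -f .env.zip.enc.aws.tmp .env.zip.enc.aws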
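# Zip env/sandbox/.env and encrypt the archive with the sandbox KMS key,
# producing env/sandbox/.env.zip.enc.aws, the file that gets committed.
# Presumably the zip step keeps the payload under KMS's direct-encrypt size
# limit; confirm before removing it.
# `zip` updates an existing .env.zip in place, so stale entries in it survive.
# The ciphertext is staged in temp files and moved into place only after aws
# and base64 both succeed. With the old pipe, a failed KMS call silently
# replaced the committed ciphertext with an empty file and still exited 0.
# The subshell umask keeps a newly created plaintext .env.zip private.
.PHONY: encrypt-sandbox
encrypt-sandbox:
	cd env/sandbox &&\
	trap 'rm -f .env.zip.enc.aws.b64.tmp .env.zip.enc.aws.tmp' EXIT &&\
	( umask 077 && zip .env.zip .env ) &&\
	aws kms encrypt --key-id 1c729503-4bcc-445a-b2ff-bd0146282271 --plaintext fileb://.env.zip --output text --query CiphertextBlob --region ca-central-1 > .env.zip.enc.aws.b64.tmp &&\
	base64 --decode < .env.zip.enc.aws.b64.tmp > .env.zip.enc.aws.tmp &&\
	mv -f .env.zip.enc.aws.tmp .env.zip.enc.aws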
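# Zip env/scratch/.env and encrypt the archive with the scratch KMS key,
# producing env/scratch/.env.zip.enc.aws, the file that gets committed.
# Presumably the zip step keeps the payload under KMS's direct-encrypt size
# limit; confirm before removing it.
# `zip` updates an existing .env.zip in place, so stale entries in it survive.
# The ciphertext is staged in temp files and moved into place only after aws
# and base64 both succeed. With the old pipe, a failed KMS call silently
# replaced the committed ciphertext with an empty file and still exited 0.
# The subshell umask keeps a newly created plaintext .env.zip private.
.PHONY: encrypt-scratch
encrypt-scratch:
	cd env/scratch &&\
	trap 'rm -f .env.zip.enc.aws.b64.tmp .env.zip.enc.aws.tmp' EXIT &&\
	( umask 077 && zip .env.zip .env ) &&\
	aws kms encrypt --key-id 7d2595b2-65ad-4093-b1df-b820b473d81c --plaintext fileb://.env.zip --output text --query CiphertextBlob --region ca-central-1 > .env.zip.enc.aws.b64.tmp &&\
	base64 --decode < .env.zip.enc.aws.b64.tmp > .env.zip.enc.aws.tmp &&\
	mv -f .env.zip.enc.aws.tmp .env.zip.enc.aws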
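# Render the production kustomization to stdout without applying anything.
# NOTE(review): if env/production generates Secrets from .env, the rendered
# manifests carry their base64-encoded values. Treat the output as sensitive
# and keep it out of captured logs.
# Declared phony so a file or directory named production-debug cannot mask it.
.PHONY: production-debug
production-debug:
	kubectl kustomize env/production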
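# Apply the staging kustomization to the cluster.
# The recipe does not pin a cluster: kubectl acts on whatever context is
# currently selected. Check `kubectl config current-context` before running.
# --force lets kubectl delete and re-create a resource that cannot be patched.
# Declared phony so a file or directory named "staging" cannot mask it.
.PHONY: staging
staging:
	kubectl apply -k env/staging --force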
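# Delete every resource defined by the staging kustomization.
# The recipe does not pin a cluster: kubectl acts on whatever context is
# currently selected. Check `kubectl config current-context` before running.
# --force requests immediate deletion rather than a graceful shutdown.
# Declared phony so a file or directory named staging-clear cannot mask it.
.PHONY: staging-clear
staging-clear:
	kubectl delete -k env/staging --force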
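# Render the staging kustomization to stdout without applying anything.
# NOTE(review): if env/staging generates Secrets from .env, the rendered
# manifests carry their base64-encoded values. Treat the output as sensitive
# and keep it out of captured logs.
# Declared phony so a file or directory named staging-debug cannot mask it.
.PHONY: staging-debug
staging-debug:
	kubectl kustomize env/staging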
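# Print the variable names found in env.example, sorted and joined with "|".
# Only the text before the first "=" of each matching line is emitted, so no
# values are printed. Any line containing "=" counts, including commented-out ones.
# Declared phony so a file named env-keys-example cannot mask it.
.PHONY: env-keys-example
env-keys-example:
	@cat env.example | xargs -0 -L1 | grep "=" | cut -f1 -d"=" | sort | tr "\n" "|"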
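# Print the variable names found in the decrypted env/production/.env, sorted
# and joined with "|". The file must already exist (see decrypt-production).
# Only the text before the first "=" of each matching line is emitted, so secret
# values are not printed. Any line containing "=" counts, including commented-out ones.
# Declared phony so a file named env-keys-production cannot mask it.
.PHONY: env-keys-production
env-keys-production:
	@cat env/production/.env | xargs -0 -L1 | grep "=" | cut -f1 -d"=" | sort | tr "\n" "|"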
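# Print the variable names found in the decrypted env/staging/.env, sorted
# and joined with "|". The file must already exist (see decrypt-staging).
# Only the text before the first "=" of each matching line is emitted, so secret
# values are not printed. Any line containing "=" counts, including commented-out ones.
# Declared phony so a file named env-keys-staging cannot mask it.
.PHONY: env-keys-staging
env-keys-staging:
	@cat env/staging/.env | xargs -0 -L1 | grep "=" | cut -f1 -d"=" | sort | tr "\n" "|"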