From 48fdebee6a5b552f7e152d62d8ba99383ac7eb8d Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Mon, 10 Jun 2019 16:59:11 -0300
Subject: Encrypt attached log
---
 TODOs.org | 5 +++--
 scripts/ci/mail.sh | 4 +++-
 secrets/envrc.sh | Bin 2738 -> 2769 bytes
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/TODOs.org b/TODOs.org
index dbd9dc8..96fbebe 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -143,11 +143,12 @@ Right now, secrets are scattered between the two repositories. By moving I can c
 ** TODO Run backup on Terraform destroy action instead of manually in =provision.sh=
 ** DONE Explicitly destroy Droplets before running Terraform apply
 CLOSED: [2019-06-05 Wed 19:48]
-** TODO Store updated =.tfstate= even in case of deployment failure
+** NEXT Store updated =.tfstate= even in case of deployment failure
 Right now the script fails on Terraform commands before reaching git commands. I should trap the error, store on git and only then fail.
 ** DONE Fix alias in =bash-profile.sh=
 CLOSED: [2019-06-10 Mon 09:01]
-** TODO Email verbose (Ansible) log files in case of error
+** DONE Email verbose (Ansible) log files in case of error
+CLOSED: [2019-06-10 Mon 16:59]
 builds.sr.ht only emails the link. Should it be extended to support encrypted log attachments?
 ** TODO Use environment variables for SSH key paths and volume mounts
 ** DONE Don't allow backups to fail
diff --git a/scripts/ci/mail.sh b/scripts/ci/mail.sh
index 420c35f..8585cf1 100755
--- a/scripts/ci/mail.sh
+++ b/scripts/ci/mail.sh
@@ -35,6 +35,8 @@ EOF
 )
 cat ./logs/*.txt > "${ATTACHMENT_PATH}"
+gpg -r "${GPG_TO}" \
+ -e "${ATTACHMENT_PATH}"
 curl "${MAILGUN_URL}" \
 -s \
@@ -43,4 +45,4 @@ curl "${MAILGUN_URL}" \
 -F to="${MAILGUN_TO}" \
 -F subject="${SUBJECT}" \
 -F text="${BODY}" \
- -F attachment="@${ATTACHMENT_PATH}"
+ -F attachment="@${ATTACHMENT_PATH}.gpg"
diff --git a/secrets/envrc.sh b/secrets/envrc.sh
index 62b27c6..10efe8e 100644
Binary files a/secrets/envrc.sh and b/secrets/envrc.sh differ
--
cgit v1.2.3
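Review bot: In scripts/ci/mail.sh the added `gpg -r "${GPG_TO}" -e "${ATTACHMENT_PATH}"` runs in a CI job with no terminal, yet it is invoked without `--batch` and nothing visible in the hunk checks its exit status; if the recipient key is missing or not trusted, gpg would try to prompt or fail, and the `curl` call in the second hunk would then look for a `.gpg` file that was never written. The concatenated plaintext log is also left on disk at `${ATTACHMENT_PATH}` after encryption. Streaming the logs straight into gpg addresses both: `cat ./logs/*.txt | gpg --batch --yes -r "${GPG_TO}" -o "${ATTACHMENT_PATH}.gpg" -e || exit 1`. If `GPG_TO` is an e-mail address rather than a full key fingerprint (its value is not visible in this commit), pinning the fingerprint would make recipient selection unambiguous. The script's setup lies outside the hunk, so a `set -e` earlier in the file may already cover the exit-status part.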