I need a bash script to source a file that is encrypted, as the file being sourced contains sensitive information.
I would like the script to prompt for the GPG passphrase and then run, sourcing the encrypted file. I cannot figure out how to do this though. There must be user input for the passphrase, as I don't want to store a key on the server with the encrypted file.
Looking into some different methods, I do not want to decrypt the file, source the non-encrypted file, then delete it after. I would like to reduce the chance of leaving an non-encrypted file behind, if something went wrong in the script.
Is there a way to get the GPG output of a file to source it this way? Possibly collecting STDOUT and parsing it (if GPG can even output the contents this way).
Also, if there is another way to encrypt a file that shell scripts can use, I am not aware of it, but open to other possibilities.
Best Answer
You can do this using process substitution.
Here's an example:
gpg -d
does not persist the file to disk, it just outputs it to stdout.<()
uses a FIFO, which also does not result in the actual file data being written to disk.In bash,
.
andsource
are synonyms, but.
is more portable (it's part of POSIX), so I've used it here. Note, however, that<()
is not as portable -- as far as I know it's only supported in bash, zsh, ksh88, and ksh93. pdksh and mksh have coprocesses which can have the same effect.