professional-service/scripts/s3-ssec.sh
Michael Sodan db959fcb05
All checks were successful
Default CI / Check for Open TODOs (pull_request) Successful in 52s
Default CI / Secret Scanner (TruffleHog) (pull_request) Successful in 59s
Default CI / Pre-Commit Hooks (pull_request) Successful in 2m22s
example(scripts): S3 object storage SSE-C automation script
2026-05-20 11:33:53 +00:00

74 lines
2.4 KiB
Bash
Executable file

#!/bin/bash
set -e # Exit immediately if a command exits with a non-zero status
# Help / Usage output
usage() {
echo "Usage: $0 <upload|download> <filename>"
echo "Examples:"
echo " $0 upload /path/to/local/file.txt"
echo " $0 download file.txt"
exit 1
}
# Check for required arguments
if [ -z "$1" ] || [ -z "$2" ]; then
usage
fi
ACTION="$1"
TARGET_FILE="$2"
# ==============================================================================
# CONFIGURATION
# ==============================================================================
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
export AWS_DEFAULT_REGION="eu01"
ENDPOINT="https://object.storage.eu01.onstackit.cloud"
BUCKET="s3://mybucket"
KEY_FILE="/root/ssec.key"
# ==============================================================================
# 1. GENERATE BINARY KEY (Only required once if the key file doesn't exist)
# ==============================================================================
if [ ! -f "$KEY_FILE" ]; then
echo "[*] Generating new binary 32-byte AES key..."
openssl rand 32 > "$KEY_FILE"
chmod 600 "$KEY_FILE"
fi
# ==============================================================================
# 2. ACTION EXECUTION (UPLOAD OR DOWNLOAD)
# ==============================================================================
if [ "$ACTION" == "upload" ]; then
# Check if the local file exists before uploading
if [ ! -f "$TARGET_FILE" ]; then
echo "Error: Local file '$TARGET_FILE' does not exist!"
exit 1
fi
REMOTE_NAME=$(basename "$TARGET_FILE")
echo "[*] Starting SSE-C upload of '$TARGET_FILE' to STACKIT..."
aws --endpoint-url "$ENDPOINT" s3 cp "$TARGET_FILE" "$BUCKET/$REMOTE_NAME" \
--sse-c AES256 \
--sse-c-key "fileb://$KEY_FILE"
echo "[+] Upload successful! '$REMOTE_NAME' is now stored encrypted in the bucket. 🚀"
elif [ "$ACTION" == "download" ]; then
REMOTE_NAME=$(basename "$TARGET_FILE")
LOCAL_DOWNLOAD_PATH="./${REMOTE_NAME}_downloaded"
echo "[*] Starting SSE-C download of '$REMOTE_NAME' from STACKIT..."
aws --endpoint-url "$ENDPOINT" s3 cp "$BUCKET/$REMOTE_NAME" "$LOCAL_DOWNLOAD_PATH" \
--sse-c AES256 \
--sse-c-key "fileb://$KEY_FILE"
echo "[+] Download successful! Saved to '$LOCAL_DOWNLOAD_PATH' 🚀"
else
echo "Error: Invalid action '$ACTION'."
usage
fi