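#!/bin/bash
# Restore a kubernetes secret from Google Cloud Storage.
#
# The single argument must be the full GCS path to the encrypted secret to
# restore. For example:
#
#   ./restore-secret.sh gs://skia-public-backup/secrets/2018-05-05/alertmanager-webhook-chat-config.enc
#
# The object is streamed from GCS, decrypted with the kubernetes-secrets key in
# the global kubernetes-keyring, and piped straight into `kubectl apply`, so
# this script never writes the plaintext to disk. The secret is applied to
# whichever cluster the current kubectl context points at; check the context
# before running.
#
# Exits 1 on a usage error, and non-zero if any stage of the pipeline fails.

# Stop on errors and unset variables. pipefail makes a failed download or
# decryption visible in the exit status instead of only kubectl's result.
set -euo pipefail

# Print the usage text on stderr so it never mixes with pipeline data.
usage() {
  echo "The argument must be a GCS path to the encrypted secret to restore. For example:" >&2
  echo "" >&2
  echo "./restore-secret.sh gs://skia-public-backup/secrets/2018-05-05/alertmanager-webhook-chat-config.enc" >&2
}

if [ "$#" -ne 1 ]; then
  usage
  exit 1
fi

# Accept only gs:// URLs: this enforces the documented contract and keeps an
# argument that starts with "-" from being parsed as a gsutil option.
case "$1" in
  gs://*) ;;
  *)
    usage
    exit 1
    ;;
esac

# "$1" is quoted so that whitespace or glob characters in the path are passed
# to gsutil as a single, literal argument.
gsutil cp "$1" - \
  | gcloud kms decrypt \
    --ciphertext-file=- \
    --plaintext-file=- \
    --location=global \
    --keyring=kubernetes-keyring \
    --key=kubernetes-secrets \
  | kubectl apply -f -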