kube/secrets/edit-secret.sh - buildbot - Git at Google

 #!/bin/bash
 set -e
 set -o pipefail

 # Retrieve a secret from berglas, edit, then write back to berglas.

 if [ $# -ne 2 ]; then
     echo "$0 <cluster-name> <secret-name>"
     exit 1
 fi

 REL=$(dirname "$0")
 source ${REL}/config.sh

 CLUSTER=$1
 SECRET_NAME=$2

 source ${REL}/../../bash/ramdisk.sh

 FILES=$(${REL}/get-secret.sh ${CLUSTER} ${SECRET_NAME} \
   | kubectl apply -f - --dry-run -o json \
   | jq -j '.data | keys | .[] | . + " "')
 echo ${FILES}
 for FILE in ${FILES}; do
   ${REL}/get-secret.sh ${CLUSTER} ${SECRET_NAME} \
   | kubectl apply -f - --dry-run -o json \
   | jq -r ".data[\"${FILE}\"]" \
   | base64 -d > /tmp/ramdisk/${FILE}
 done

 echo "Downloaded the ${SECRET_NAME} secrets to /tmp/ramdisk."
 echo ""
 read -r -p "Press enter when you are done editing..." key

 ${REL}/add-secret-from-directory.sh /tmp/ramdisk ${CLUSTER} ${SECRET_NAME}
	#!/bin/bash
	set -e
	set -o pipefail

	# Retrieve a secret from berglas, edit, then write back to berglas.

	if [ $# -ne 2 ]; then
	echo "$0 <cluster-name> <secret-name>"
	exit 1
	fi

	REL=$(dirname "$0")
	source ${REL}/config.sh

	CLUSTER=$1
	SECRET_NAME=$2

	source ${REL}/../../bash/ramdisk.sh

	FILES=$(${REL}/get-secret.sh ${CLUSTER} ${SECRET_NAME} \
	\| kubectl apply -f - --dry-run -o json \
	\| jq -j '.data \| keys \| .[] \| . + " "')
	echo ${FILES}
	for FILE in ${FILES}; do
	${REL}/get-secret.sh ${CLUSTER} ${SECRET_NAME} \
	\| kubectl apply -f - --dry-run -o json \
	\| jq -r ".data[\"${FILE}\"]" \
	\| base64 -d > /tmp/ramdisk/${FILE}
	done

	echo "Downloaded the ${SECRET_NAME} secrets to /tmp/ramdisk."
	echo ""
	read -r -p "Press enter when you are done editing..." key

	${REL}/add-secret-from-directory.sh /tmp/ramdisk ${CLUSTER} ${SECRET_NAME}