I am trying to decrypt a file to a bash variable and then pipe that to zcat and then pipe that mysql. Sending the output to file is not an option as it is a specified requirement.
so what I have is:
temp=$(gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg)
{ zcat preprocess.sql.gz; echo $temp | zcat; } | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID
The response is a correctly unzipped preprocess file followed by:
zcat: stdin is encrypted -- not supported
However when I do:
gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg > tempfile.sql.gz
zcat preprocess.sql.gz tempfile.sql.gz | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID
It works as expected. However as I said we do not want any decrypted files hanging around on the server for any length of time (some of the mysl imports take hours) so writing the file and then deleting it is not a starter.
So the question is why does gpg store something different in the $temp variable as compared to the file? and what can I do about it
However as I said we do not want any decrypted files hanging around on the server for any length of time ...
Instead of saying:
temp=$(gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg)
{ zcat preprocess.sql.gz; echo $temp | zcat; } | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID
say:
{ zcat preprocess.sql.gz; gpg --batch --quiet --yes --passphrase=XXXXXX --decrypt file.sql.gz.gpg | zcat; } | mysql -u$DB_USER -p$DB_PWD --host=$DB_HOST $DB_ID
And you'd even avoid a variable holding decrypted data!