I have a script that inserts data into Mongo from a CSV but I have to encrypt one of the columns before insertion.
#!/bin/bash
while IFS=, read -r f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12
do
ENCRYPT_VAL="$f5" | openssl aes-256-cbc -a -pbkdf2 -salt -pass pass:{*****}
if [ "$f4" = "m" ]
then
mongo a11_USER_gender --eval "db.m.insert({username: '$f1', first: '$f2', last: '$f3', gender: '$f4', dob: '$ENCRYPT_VAL', state: '$f6', municipality: '$f7', season: '$f8', continent: '$f9', elective: '$f10', f1: '$f11', airline: '$f12'})"
echo "Male Original value: '$f5'"
echo "Male Encrypted value: $ENCRYPT_VAL"
else
mongo a11_USER_gender --eval "db.f.insert({username: '$f1', first: '$f2', last: '$f3', gender: '$f4', dob: '$ENCRYPT_VAL', state: '$f6', municipality: '$f7', season: '$f8', continent: '$f9', elective: '$f10', f1: '$f11', airline: '$f12'})"
echo "Female Original value: '$f5'"
echo "Female Encrypted value: $ENCRYPT_VAL"
fi
done < /root/FileName.csv
I'm able to see that the variable has been successfully assigned the value of the encryption and that the Mongo insertion was seemingly successful. However, when I access the data inside of Mongo itself it displays a blank for that column. I'm absolutely lost as to what could be the cause. I've tried enclosing the variable inside of the eval command in various different ways. I know I could just encrypt and save the value to the CSV prior to insertion, but I still feel like my attempted solution should work?
Sample of Seemingly Correct Encryption:
MongoDB shell version v5.0.9
connecting to:mongodb://127.0.0.1:27017/a11_USER_gender?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("7d51958e-1550-4abc-ad2e-dbb8f0297646") }
MongoDB server version: 5.0.9
WriteResult({ "nInserted" : 1 })
Female Original value: 'february 20 1987'
Female Encrypted value:
U2FsdGVkX1/bKsrdCX7844Ozr6PkYRZnVZRcguYSBJE=
Sample of Erroneous Mongo Entry Below:
{
"_id" : ObjectId("62c21fa9463288ccfaddba16"),
"username" : "zc1615",
"first" : "zeena",
"last" : "crayton",
"gender" : "f",
"dob" : "",
"state" : "ne",
"municipality" : "coral_gables",
"season" : "summer",
"continent" : "asia",
"elective" : "mad3301",
"f1" : "williams",
"airline" : "gol"
}
CodePudding user response:
This:
ENCRYPT_VAL="$f5" | openssl aes-256-cbc -a -pbkdf2 -salt -pass pass:{*****}
Does not set ENCRYPT_VAL to the output of the openssl command. It temporarily sets ENCRYPT_VAL to the value of $f5 (see below), and then runs openssl on null input (printing the result to the console). So:
- You're not capturing the output of
openssl, and - You're not actually setting
ENCRYPT_VAL(this is why you end up with an empty string in Mongo)
If you want to capture the output of a command in a variable, use $(...), like this:
ENCRYPT_VAL="$( echo "$f5" | openssl aes-256-cbc -a -pbkdf2 -salt -pass pass:{*****} )"
The Bourne shell and derivatives allow you to provide temporary environment to a command by prefixing the command with variable expressions. For example, we can do this:
$ FOO=bar sh -c 'echo $FOO'
bar
That sets the variable FOO in the environment of the sh command. It doesn't set a shell variable in the current shell and it doesn't change the environment of the current shell.
When you write:
ENCRYPT_VAL="$f5" | openssl aes-256-cbc -a -pbkdf2 -salt -pass pass:{*****}
You're using exactly that syntax, except you're not even specifying a command, so it is entirely a no-op.