|
|
|
@ -7,4 +7,25 @@
|
|
|
|
gpg --import /path/to/keys/*.gpg.pub
|
|
|
|
gpg --import /path/to/keys/*.gpg.pub
|
|
|
|
|
|
|
|
|
|
|
|
### list imported gpg keys
|
|
|
|
### list imported gpg keys
|
|
|
|
gpg --list-keys --keyid-format=long
|
|
|
|
gpg --list-keys --keyid-format=long
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Configure SOPS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
|
|
GPG_TTY=$(tty) sops secrets.yaml
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Example
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
set -ueo pipefail
|
|
|
|
|
|
|
|
# demo: create a file with a mock secret, src: https://bash-org-archive.com/?244321
|
|
|
|
|
|
|
|
yq -n '.demo.credentials.secret = "hunter2"' > secret.yaml
|
|
|
|
|
|
|
|
# encrypt
|
|
|
|
|
|
|
|
sops -e -i secret.yaml
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# decript, print to console
|
|
|
|
|
|
|
|
sops -d secret.yaml
|
|
|
|
|
|
|
|
```
|
LeeW
11 months ago