diff --git a/README.md b/README.md index 6d31db7..96b9800 100644 --- a/README.md +++ b/README.md @@ -59,13 +59,17 @@ Context: This repo stores the keys used to encrypt secrets in other repos; these For verification purposes, this repo also contains a _sample_ `.sops.yaml` to which every key in the repo is added. This allows both Existing Users to instantly verify the new key, and New Users to verify that their sops installation works correctly. -### Update Verification SOPS Config +### [Existing User] Update Verification SOPS Config Follow the interactive prompts: ```shell ./verify/usr_confirm_keycfg.sh ``` +Now the sample secrets file _in this repo_ has been updated, and the New User should be able to decrypt it! + +Hand off to New User + ### Update Project SOPS Config The following commands explain how to update the `.sops.yaml` for a repository: @@ -114,11 +118,31 @@ SOPS is used for encrypting secrets, e.g. credentials for various systems ## Install +1. Install Sops: + https://github.com/getsops/sops Note: * MacOS: If desired, one can also use brew to install sops: `brew install sops`; although this is not officially maintained, [the formula is essentially the same as the official installation instructions](https://github.com/Homebrew/homebrew-core/blob/4496ce5131bc09e7065fa0aa8fb96366a3df6477/Formula/s/sops.rb) +2. Configure: + +Add the following to your `~/.bashrc` or `~/.zshrc` - but _not_ to your `~/.profile` as it must be set per session: + +```shell +# Enable interactive passphrase prompt for SOPS +export GPG_TTY=$(tty) +``` + +3. Verify + +Run the following command to verify local SOPS installation _and_ key configuration: + +```shell +# Follow the interactive prompts: +./verify/usr_confirm_keycfg.sh +``` + ## Usage Decrypt and Display Secrets in Terminal: 
@@ -126,6 +150,7 @@ Decrypt and Display Secrets in Terminal: ```bash GPG_TTY=$(tty) sops secrets.yaml ``` + Note: The `GPG_TTY` is necessary to have the password prompt appear. src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
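Review bot: In the first README.md hunk (@@ -59,13 +59,17 @@), the added sentence "Now the sample secrets file _in this repo_ has been updated, and the New User should be able to decrypt it!" is only true once the updated file is in the New User's checkout, and the text does not say whether `./verify/usr_confirm_keycfg.sh` commits and pushes the change. Add that step, or state that the script does it. "Hand off to New User" also gives no pointer to what the New User does next; a link to the "3. Verify" step under Install would close the loop. The following heading "### Update Project SOPS Config" has no role tag, unlike the renamed "[Existing User]" heading, so it is unclear who runs it and whether it happens before or after the hand-off.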
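Review bot: In the Install hunk (@@ -114,11 +118,31 @@), step "3. Verify" sends the New User to `./verify/usr_confirm_keycfg.sh`, the same script that the "[Existing User] Update Verification SOPS Config" section runs to update the sample config. Say which prompts the New User should answer, or provide a read-only check, so that a verification run cannot modify the sample `.sops.yaml`. In step 2, quote the substitution as `export GPG_TTY="$(tty)"`, and reword "it must be set per session": the value is the current terminal's device, so it has to be evaluated in each interactive shell, which is why `~/.profile` (read by login shells only) is the wrong place.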
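Review bot: In the Usage hunk (@@ -126,6 +150,7 @@), the unchanged command `GPG_TTY=$(tty) sops secrets.yaml` and the note "The `GPG_TTY` is necessary to have the password prompt appear" now overlap with the `export GPG_TTY=$(tty)` that this patch adds under Install step 2. Either drop the inline prefix here and point to the Configure step, or say that the prefix is a fallback for shells where the export is not set, so readers do not see two different instructions for the same setting.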