Compare commits

...

1 Commits

Author SHA1 Message Date
LeeW c0708a09cc ADP-216: updates README from UAT feedback 10 months ago

@ -59,13 +59,17 @@ Context: This repo stores the keys used to encrypt secrets in other repos; these
For verification purposes, this repo also contains a _sample_ `.sops.yaml` to which every key in the repo is added. This allows both Existing Users to instantly verify the new key, and New Users to verify that their sops installation works correctly.
### Update Verification SOPS Config
### [Existing User] Update Verification SOPS Config
Follow the interactive prompts:
```shell
./verify/usr_confirm_keycfg.sh
```
Now the sample secrets file _in this repo_ has been updated, and the New User should be able to decrypt it!
Hand off to New User
### Update Project SOPS Config
The following commands explain how to update the `.sops.yaml` for a repository:
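Review bot: "Hand off to New User" at the end of the verification section is a bare line that does not say what is handed off or what the New User does next. Make it an explicit step, for example by telling the Existing User to ask the New User to pull this repo and run the "3. Verify" step under Install, so the key confirmation is actually completed on both sides. The "[Existing User]" tag on this heading is helpful; "### Update Project SOPS Config" directly below carries no audience tag, so consider tagging it the same way for consistency.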
@ -114,11 +118,31 @@ SOPS is used for encrypting secrets, e.g. credentials for various systems
## Install
1. Install Sops:
https://github.com/getsops/sops
Note:
* MacOS: If desired, one can also use brew to install sops: `brew install sops`; although this is not officially maintained, [the formula is essentially the same as the official installation instructions](https://github.com/Homebrew/homebrew-core/blob/4496ce5131bc09e7065fa0aa8fb96366a3df6477/Formula/s/sops.rb)
2. Configure:
Add the following to your `~/.bashrc` or `~/.zshrc` - but _not_ to your `~/.profile` as it must be set per session:
```shell
# Enable interactive passphrase prompt for SOPS
export GPG_TTY=$(tty)
```
3. Verify
Run the following command to verify local SOPS installation _and_ key configuration:
```shell
# Follow the interactive prompts:
./verify/usr_confirm_keycfg.sh
```
## Usage
Decrypt and Display Secrets in Terminal:
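Review bot: Step 1 of Install links only to the repository root, and the brew note itself says the formula is not officially maintained, yet nothing tells the reader which version to install or to check the download. Since this tool handles the keys for every other repo's secrets, link the releases page, state the minimum supported version, and ask readers to verify the binary against whatever checksums or signatures the release publishes. Separately, step 3 calls `./verify/usr_confirm_keycfg.sh` by relative path; say that it must be run from the root of this repo, since the Install section may be read from a different working directory.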
@ -126,6 +150,7 @@ Decrypt and Display Secrets in Terminal:
```bash
GPG_TTY=$(tty) sops secrets.yaml
```
<!-- CAVEAT: if GPG_TTY is set in environment, no need to specify it again. Leaving it inline for this command to be explicit about requirement for correct functiuonality -->
Note: The `GPG_TTY` is necessary to have the password prompt appear. src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
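Review bot: The caveat added after the `GPG_TTY=$(tty) sops secrets.yaml` block sits in an HTML comment, so it is invisible in the rendered README, while the visible Note still reads as if `GPG_TTY` must always be given inline. Move the caveat into the Note itself, for example "if you exported `GPG_TTY` as described under Install, the inline assignment is redundant and is shown here only to make the requirement explicit". The comment also has a typo: "functiuonality".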
