You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.9 KiB
1.9 KiB
GPG Key Repo
Purpose: Manage gpg keys for:
- SOPS
Key Management
howto create and add a gpg key
- please follow instruction on following link: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
- add ONLY the PUBLIC part of your gpg key!!!
- checkin via MergeRequest/PullRequest
import gpg keys
gpg --import /path/to/keys/*.gpg.pub
list imported gpg keys
gpg --list-keys --keyid-format=long
EOL: Archive Expired Keys
To mark a key as expired, move it to the archive/ dir as follows:
mv ${keyname} "archive/${keyname}_$(date '+%Y-%m-%d').archive"
Configure SOPS
SOPS is used for encrypting secrets, e.g. credentials for various systems
Install
https://github.com/getsops/sops
Note:
- MacOS: If desired, one can also use brew to install sops:
brew install sops; although this is not officially maintained, the formula is essentially the same as the official installation instructions
Usage
Decrypt and Display Secrets in Terminal:
GPG_TTY=$(tty) sops secrets.yaml
Note: The GPG_TTY is necessary to have the password prompt appear. src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
Note: secrets.yaml is just an example; the file can have any name
Example
The steps in the following example can be run locally in order to:
- create a sample secrets file
- encrypt the file
- decrypt the file
If these steps work, sops configured correctly - on your machine ;-)
#!/usr/bin/env bash
set -ueo pipefail
# demo: create a file with a mock secret, src: https://bash-org-archive.com/?244321
yq -n '.demo.credentials.secret = "hunter2"' > secrets.yaml
# encrypt
sops -e -i secrets.yaml
# decript, print to console
sops -d secrets.yaml