Comment by woodruffw

9 months ago

The more general version of this is probably sops[1].

(A general problem with these kinds of “wrap GPG” tools is that you end up with “mystery meat” encryption/signatures: your tool’s security margin is at the mercy of GPG’s opaque and historically not very good defaults.)

[1]: https://github.com/getsops/sops

This is 13 lines of Bash plus GPG, which is available ~everywhere and a pretty lowish-level Linux dependency. SOPS is +20KLOC of Go with support for cloud KMS, etc., etc. I think you got your mystery meat analogy backwards.

GPG man page is long. But to be fair, GPG, which I have used for decades, has never failed me.

I didn't know about sops, thanks for sharing!

Encrypting YAML files' values may be handy for another project - will take note of it.