{"id":15167132,"url":"https://github.com/everbridge/generate-secure-pillar","last_synced_at":"2025-10-25T11:31:35.879Z","repository":{"id":64306389,"uuid":"129972064","full_name":"Everbridge/generate-secure-pillar","owner":"Everbridge","description":"Salt Secure Pillar Tool","archived":false,"fork":false,"pushed_at":"2024-02-28T20:20:59.000Z","size":355154,"stargazers_count":31,"open_issues_count":5,"forks_count":3,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-01-31T07:04:30.838Z","etag":null,"topics":["gnupg","gpg-encryption","pgp","salt","saltstack","secure"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Everbridge.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-17T22:26:18.000Z","updated_at":"2024-04-24T16:46:31.000Z","dependencies_parsed_at":"2023-11-22T18:29:31.319Z","dependency_job_id":"c1751478-8d63-461d-bd48-6818701b2623","html_url":"https://github.com/Everbridge/generate-secure-pillar","commit_stats":null,"previous_names":[],"tags_count":118,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Everbridge%2Fgenerate-secure-pillar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Everbridge%2Fgenerate-secure-pillar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Everbridge%2Fgenerate-secure-pillar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Everbridge%2Fgenerat
e-secure-pillar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Everbridge","download_url":"https://codeload.github.com/Everbridge/generate-secure-pillar/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238128558,"owners_count":19421054,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gnupg","gpg-encryption","pgp","salt","saltstack","secure"],"created_at":"2024-09-27T05:40:32.063Z","updated_at":"2025-10-25T11:31:35.874Z","avatar_url":"https://github.com/Everbridge.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# generate-secure-pillar\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/Everbridge/generate-secure-pillar)](https://goreportcard.com/report/github.com/Everbridge/generate-secure-pillar)\n\n## Create and update encrypted content or decrypt encrypted content in YAML files\n\n\u003chttps://blog.edlitmus.info/generate-secure-pillar/\u003e\n\n## USAGE\n\n   generate-secure-pillar [global options] command [command options] [arguments...]\n\n## VERSION 1.0.634\n\n## AUTHOR\n\n   Ed Silva \u003ced.silva@everbridge.com\u003e\n\n## HOMEBREW INSTALL\n\n``` shell\nbrew tap esilva-everbridge/homebrew-generate-secure-pillar\nbrew install generate-secure-pillar\n```\n\n## CONFIG FILE USAGE\n\nA config file can be used to set default values, and an example file is created if there isn't one already, with commented out values. 
The file location defaults to `~/.config/generate-secure-pillar/config.yaml`.\nProfiles can be specified and selected via a command line option.\n\n``` yaml\nprofiles:\n  - name: dev\n    default: true\n    default_key: Dev Salt Master\n    gnupg_home: ~/.gnupg\n    default_pub_ring: ~/.gnupg/pubring.gpg\n    default_sec_ring: ~/.gnupg/secring.gpg\n  - name: prod\n    default: false\n    default_key: Prod Salt Master\n    gnupg_home: ~/.gnupg\n    default_pub_ring: ~/.gnupg/pubring.gpg\n    default_sec_ring: ~/.gnupg/secring.gpg\n...\n```\n\n## ABOUT PGP KEYS\n\nThe PGP keys you import for use with this tool need to be 'trusted' keys.\nAn easy way to do this is to run the following command after importing a key:\n\n``` shell\nexpect -c \"spawn gpg --edit-key '\u003cthe PGP key id here\u003e' trust quit; send \\\"5\\ry\\r\\\"; expect eof\"\n```\n\n(found here: \u003chttps://gist.github.com/chrisroos/1205934#gistcomment-2203760\u003e)\n\n## COMMANDS\n\n```text\n     create, c   create a new sls file\n     update, u   update the value of the given key in the given file\n     encrypt, e  perform encryption operations\n     decrypt, d  perform decryption operations\n     rotate, r   decrypt existing files and re-encrypt with a new key\n     keys, k     show PGP key IDs used\n     help, h     Shows a list of commands or help for one command\n```\n\n## GLOBAL OPTIONS\n\n- --profile value               default profile to use in the config file\n- --pubring value               PGP public keyring (default: \"~/.gnupg/pubring.gpg\" or \"$GNUPGHOME/pubring.gpg\")\n- --secring value               PGP private keyring (default: \"~/.gnupg/secring.gpg\" or \"$GNUPGHOME/secring.gpg\")\n- --pgp_key value, -k value     PGP key name, email, or ID to use for encryption\n- --debug                       adds line number info to log output\n- --element value, -e value     Name of the top level element under which encrypted key/value pairs are kept\n- --help, -h                    show 
help\n- --version, -v                 print the version\n\n## COPYRIGHT\n\n   (c) 2018 Everbridge, Inc.\n\n**CAVEAT: YAML files with include statements are not handled properly, so we skip them.**\n\n## EXAMPLES\n\n### specify a config profile and create a new file\n\n```$ generate-secure-pillar --profile dev create --name secret_name1 --value secret_value1 --name secret_name2 --value secret_value2 --outfile new.sls```\n\n### create a new sls file\n\n```$ generate-secure-pillar -k \"Salt Master\" create --name secret_name1 --value secret_value1 --name secret_name2 --value secret_value2 --outfile new.sls```\n\n### add to the new file\n\n```$ generate-secure-pillar -k \"Salt Master\" update --name new_secret_name --value new_secret_value --file new.sls```\n\n### update an existing value\n\n```$ generate-secure-pillar -k \"Salt Master\" update --name secret_name --value secret_value3 --file new.sls```\n\n### encrypt all plain text values in a file\n\n```$ generate-secure-pillar -k \"Salt Master\" encrypt all --file us1.sls --outfile us1.sls```\n\n### or use --update flag\n\n```$ generate-secure-pillar -k \"Salt Master\" encrypt all --file us1.sls --update```\n\n### encrypt all plain text values in a file under the element 'secret_stuff'\n\n```$ generate-secure-pillar -k \"Salt Master\" --element secret_stuff encrypt all --file us1.sls --outfile us1.sls```\n\n### recurse through all sls files, encrypting all values\n\n```$ generate-secure-pillar -k \"Salt Master\" encrypt recurse -d /path/to/pillar/secure/stuff```\n\n### recurse through all sls files, decrypting all values (requires imported private key)\n\n```$ generate-secure-pillar decrypt recurse -d /path/to/pillar/secure/stuff```\n\n### decrypt a specific existing value (requires imported private key)\n\n```$ generate-secure-pillar decrypt path --path \"some:yaml:path\" --file new.sls```\n\n### decrypt all files and re-encrypt with given key (requires imported private key)\n\n```$ generate-secure-pillar -k \"New 
Salt Master Key\" rotate -d /path/to/pillar/secure/stuff```\n\n### show all PGP key IDs used in a file\n\n```$ generate-secure-pillar keys all --file us1.sls```\n\n### show all keys used in all files in a given directory\n\n```$ generate-secure-pillar keys recurse -d /path/to/pillar/secure/stuff```\n\n### show the PGP key ID used for an element at a path in a file\n\n```$ generate-secure-pillar keys path --path \"some:yaml:path\" --file new.sls```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feverbridge%2Fgenerate-secure-pillar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feverbridge%2Fgenerate-secure-pillar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feverbridge%2Fgenerate-secure-pillar/lists"}