https://github.com/dmpe/rage-sops
Prototype for (R)AGE-SOPS integration
https://github.com/dmpe/rage-sops
age-encryption encryption encryption-tool rage rust sops
Last synced: over 1 year ago
JSON representation
Prototype for (R)AGE-SOPS integration
- Host: GitHub
- URL: https://github.com/dmpe/rage-sops
- Owner: dmpe
- Created: 2024-03-09T15:31:29.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-09T15:35:30.000Z (about 2 years ago)
- Last Synced: 2025-01-05T23:11:48.084Z (over 1 year ago)
- Topics: age-encryption, encryption, encryption-tool, rage, rust, sops
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
README
# Rust based AGE - with SOPS integration
Documents how to use `rage` for encrypting/decrypting file using `SOPS`.
- https://github.com/getsops/sops/issues/1103#issuecomment-1866390434
- https://github.com/FiloSottile/age/
- https://github.com/str4d/rage
## 1. Prepare to encrypt
Generate identity (private) and recipient (public) with password - will ask for it interactively
See also
```bash
$ rage-keygen | rage -p - > key.enc
Public key: age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j
```
## 2. Encrypt
Encrypt the text file with sops
```bash
sops -e --age age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j text-clear.yaml > secret.yaml
```
## 3. Prepare to decrypt
Uses key.enc which was generated in the first step.
This will ask for password again, interactively
```bash
SOPS_AGE_KEY=$(rage -d key.enc)
```
this will also print
```
# created: 2024-03-09T16:00:50+01:00
# public key: age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j
AGE-SECRET-KEY-1MUAJZM5AEKU0VFDJLX3G8WKQ7FQXL8UNCA86USQLFPEQ2870ZX8Q3MHGAX
```
```
$ echo $SOPS_AGE_KEY
# created: 2024-03-09T16:00:50+01:00 # public key: age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j AGE-SECRET-KEY-1MUAJZM5AEKU0VFDJLX3G8WKQ7FQXL8UNCA86USQLFPEQ2870ZX8Q3MHGAX
```
## 4. Decrypt
`SOPS` for whatever reason requires `~/.config/sops/age/keys.txt` on my local Linux Mint.
Setting env variable `SOPS_AGE_KEY_FILE` or `SOPS_AGE_KEY` did not work out out of the box...
```bash
$ cat ~/.config/sops/age/keys.txt
AGE-SECRET-KEY-1MUAJZM5AEKU0VFDJLX3G8WKQ7FQXL8UNCA86USQLFPEQ2870ZX8Q3MHGAX
# Now decrypt secret file - works
sops -d secret.yaml > clear2.yaml
```