https://github.com/natrontech/sops-age-op
encryption with sops, age & 1password
https://github.com/natrontech/sops-age-op
Last synced: about 1 year ago
JSON representation
encryption with sops, age & 1password
- Host: GitHub
- URL: https://github.com/natrontech/sops-age-op
- Owner: natrontech
- License: apache-2.0
- Created: 2023-07-18T12:23:11.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-07-24T11:36:23.000Z (almost 3 years ago)
- Last Synced: 2025-03-24T21:02:59.832Z (about 1 year ago)
- Language: Shell
- Size: 6.84 KB
- Stars: 5
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Simple CLI for SOPS with age and 1password
This simple bash script is a wrapper for SOPS encryption with a age key saved in 1password.
You can directly encrypt and decrypt files without copy the public/private key onto the machine.
The script uses the 1password-host integration, where you have to be logged in (see Dependencies).
> ⚠️ At the moment, the script only supports the [in-place](https://github.com/getsops/sops#encrypt-or-decrypt-a-file-in-place) parameter of SOPS and will therefore encrypt/decrypt a file directly in place!
## Dependencies
- [age](https://age-encryption.org)
- [sops](https://github.com/getsops/sops)
- [1password cli](https://developer.1password.com/docs/cli/get-started) (`op`)
## Usage
```bash
sops-age-op --help
```
- `KEY_PATH` is the path to the key in the 1password vault in one of the following formats:
- `op://vault/title` (in this case, the defualt field name is `password`)
- `op://vault/title/field`
- `op://vault/title/section/field`
### Encryption
Encrypt a file:
```bash
./sops-age-op -e -k KEY_PATH [ FILE ]
```
### Decryption
Decrypt a sops file:
```bash
./sops-age-op -d -k KEY_PATH [ FILE ]
```
### Generate a new key
Generate a new age key and store it in the 1password vault. The type of the new item will be `Password`.
```bash
./sops-age-op -c -t [ TAGS ] -k KEY_PATH
```