How to encrypt secrets in config files with sops
sops is an editor of encrypted files that supports YAML, JSON, ENV, INI
and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault
and PGP.
It’s meant to encrypt/decrypt sensitive values in config files. While it
seems to be primarily meant to integrate with the key management
services of the major cloud providers, it can also use a locally
installed PGP to be fully operational.
GnuPG allows you to encrypt and
sign your data and communications; it features a versatile key management
system, along with access modules for all kinds of public key
directories.
Download using the links below:
sops: https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.exe
GNUPG: https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.4.5_20240307.exe
Generate key:
gpg --full-generate-key
To list the public key fingerprint:
gpg --list-keys "devayanthakur@gmail.com" | grep pub -A 1 | grep -v pub
To export the keys:
gpg --export -a "devayanthakur@gmail.com" > public.key
gpg --export-secret-key -a "devayanthakur@gmail.com" > private.key
To import the keys on a different machine:
gpg --import public.key
gpg --allow-secret-key-import --import private.key
To encrypt test.yaml:
sops -e -i --pgp 9E7B9090D099653C7AD6B3DC1E09E75E62A022DF test.yaml
To decrypt:
sops -d -i --pgp 9E7B9090D099653C7AD6B3DC1E09E75E62A022DF test.yaml
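A check that could run before committing a file encrypted with the command above (an added example, not part of the original post or of sops itself): it confirms the file carries sops metadata for the expected PGP fingerprint and that no value was left in clear text. It assumes the whole file was encrypted, as sops -e does here; the function names are hypothetical, and the sample is constructed and uses sops' JSON format so only the standard library is needed.

```python
import json
import re

# Shape sops gives every encrypted leaf value.
ENC_RE = re.compile(r"^ENC\[AES256_GCM,data:[^,]*,iv:[^,]+,tag:[^,]+,type:\w+\]$")
FP = "9E7B9090D099653C7AD6B3DC1E09E75E62A022DF"  # fingerprint used on this page

# Constructed sample, not real sops output (base64 fields are dummies):
# "password" went through sops, "api_key" was pasted in afterwards in clear text.
SAMPLE = json.loads("""{
  "db": {
    "password": "ENC[AES256_GCM,data:Zm9v,iv:aXYxMjM0NTY3OA==,tag:dGFnMTIzNDU2Nzg=,type:str]",
    "api_key": "constructed-plaintext-value"
  },
  "sops": {
    "pgp": [{"fp": "9E7B9090D099653C7AD6B3DC1E09E75E62A022DF", "enc": "(omitted)"}],
    "mac": "(omitted)",
    "version": "3.9.0"
  }
}""")

def plaintext_leaves(node, path=""):
    """Return the paths of leaf values that are not in sops' ENC[...] form."""
    if isinstance(node, dict):
        items = node.items()
    elif isinstance(node, list):
        items = enumerate(node)
    else:
        encrypted = isinstance(node, str) and ENC_RE.match(node)
        return [] if encrypted else [path]
    found = []
    for key, value in items:
        found += plaintext_leaves(value, f"{path}.{key}" if path else str(key))
    return found

def check_sops_file(doc, expected_fp):
    """List problems with a parsed sops file; an empty list means it passed."""
    meta = doc.get("sops")
    if not isinstance(meta, dict):
        return ["no sops metadata: file was never encrypted"]
    problems = []
    if expected_fp not in {r.get("fp") for r in meta.get("pgp") or []}:
        problems.append(f"not encrypted to {expected_fp}")
    data = {k: v for k, v in doc.items() if k != "sops"}  # metadata is not secret data
    return problems + [f"plaintext value at {p}" for p in plaintext_leaves(data)]

if __name__ == "__main__":
    print(check_sops_file(SAMPLE, FP))
```

For test.yaml itself, parse the file with a YAML library first (for example PyYAML's yaml.safe_load) and pass the resulting dict to check_sops_file.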


