GPG Secrets Decryption is used for decrypting sops-encrypted configs at run time.
Decrypt a config file using the private key defined in $HOME/.gnupg
Ensure you have gpg installed; this will allow you to generate keys to be used for encryption/decryption
gpg --version
Ensure you have sops installed; this will allow you to encrypt the .yaml files
sops --version
Generate a key to use to encrypt files
gpg --generate-key
Get the fingerprint of the key
gpg --list-keys
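To export keys (the output file contains the private key, so restrict access to it and keep it out of version control)
gpg --output secring.gpg --armor --export-secret-keys <fingerprint>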
To import keys
gpg --allow-secret-key-import --import ./secring.gpg
To delete keys
gpg --delete-secret-keys <fingerprint>
Encrypt a file with sops
sops --pgp <fingerprint> -e cmd/decrypt/config/review.yml
Take the output of the command above and paste it into config/review.yml
To Run:
cd cmd/decrypt && go run main.go
Decrypt a file with sops
sops -d cmd/decrypt/config/review.yml
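As an added example (not part of this project's code): a Go check, suitable for CI or a pre-commit hook, that a config such as config/review.yml really holds sops ciphertext after the encrypt-and-paste step above. The helper name and the sample document are constructed; it assumes block-style YAML with one scalar per line, and keys deliberately left unencrypted would also be reported.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: sops-style YAML in which one value was left in cleartext.
const sample = `db:
    user: ENC[AES256_GCM,data:Zm9v,iv:aXY=,tag:dGFn,type:str]
    password: hunter2
api_token: ENC[AES256_GCM,data:YmFy,iv:aXY=,tag:dGFn,type:str]
sops:
    pgp:
        - fp: 0000000000000000000000000000000000000000
    version: 0.0.0
`

// plaintextKeys (hypothetical helper) returns the keys whose scalar values are
// not ENC[...] ciphertext. hasMeta is false when the document has no top-level
// "sops:" metadata block, meaning it was never encrypted by sops.
func plaintextKeys(doc string) (plain []string, hasMeta bool) {
	inSops := false
	sc := bufio.NewScanner(strings.NewReader(doc))
	for sc.Scan() {
		line := sc.Text()
		item := strings.TrimPrefix(strings.TrimSpace(line), "- ")
		if item == "" || item == "---" || strings.HasPrefix(item, "#") {
			continue
		}
		if line[0] != ' ' && line[0] != '-' { // top-level key: enter or leave metadata
			inSops = strings.HasPrefix(line, "sops:")
			hasMeta = hasMeta || inSops
		}
		key, val, found := strings.Cut(item, ":")
		if !found || strings.HasPrefix(item, "ENC[") { // bare list item, no key
			key, val = "(list item)", item
		}
		val = strings.Trim(strings.TrimSpace(val), `"'`)
		if inSops || val == "" { // sops metadata or a parent mapping
			continue
		}
		if !strings.HasPrefix(val, "ENC[AES256_GCM,") {
			plain = append(plain, key)
		}
	}
	return plain, hasMeta
}

func main() {
	plain, hasMeta := plaintextKeys(sample)
	fmt.Printf("sops metadata present: %v, plaintext keys: %v\n", hasMeta, plain)
}
```

A file that yields hasMeta == false or a non-empty key list should fail the check before it is committed.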