| ▲ | woodruffw 4 days ago |
| The more general version of this is probably sops[1]. (A general problem with these kinds of “wrap GPG” tools is that you end up with “mystery meat” encryption/signatures: your tool’s security margin is at the mercy of GPG’s opaque and historically not very good defaults.) [1]: https://github.com/getsops/sops |
|
| ▲ | theteapot 4 days ago |
| This is 13 lines of Bash plus GPG which is available ~everywhere and a pretty lowish level Linux dependency. SOPS is +20KLOC of Go with support for cloud KMS etc etc. I think you got your mystery meat analogy backwards. |
|
| ▲ | woodruffw 4 days ago |
| The mystery meat in question is GPG, not sops or this. (I also wouldn’t call GPG a low level dependency.) |
|
| ▲ | theteapot 4 days ago |
| lowish. Meaning if you run a Linux desktop env with a mild amount of software installed it's likely pulled in already. |
|
| ▲ | woodruffw 3 days ago |
| I’ve used a Linux desktop for my entire adult life, and I’m pretty sure GPG has never been bundled directly with my environment. I used to install it directly, but I haven’t needed that in years either since everything I needed GPG for (= git) supports SSH signing instead. |
|
| ▲ | ikiris 4 days ago |
| So is Perl, that doesn’t make it a good argument to use it still for the same reasons. |
|
| ▲ | akoboldfrying 2 days ago |
| Perl is horrible, but for one-liners it's strictly less horrible than either sed or awk, which people still use because they are less horrible than pure Bourne shell for some common tasks. |
|
| ▲ | aborsy 4 days ago |
| GPG man page is long. But to be fair, GPG, which I have used for decades, has never failed me. |
|
| ▲ | mgarciaisaia 4 days ago |
| I didn't know about sops, thanks for sharing! Encrypting YAML files' values may be handy for another project - will take note of it. |