forked from bketelsen/crypt

Store and retrieve encrypted configs from etcd or consul

warkadiusz/crypt

 
 


crypt

This fork implements experimental support for age as an alternative encryption mechanism.

PGP is still supported. Select the encryption engine with the -encryption-engine flag, which accepts pgp or age. Note that the files passed to -keyring and -secret-keyring must be in the format of the selected encryption engine (PGP keyrings for PGP, recipient files for age).

The motivation for this implementation was the cumbersome handling of PGP keyrings with gpg, the deprecation and lack of maintainers of golang.org/x/crypto/openpgp, and general problems with PGP. Note that some standalone tools for PGP key management do exist, such as gpg-tui.

For more information about age, key management, etc., see https://github.com/FiloSottile/age.
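
The requirement that -keyring and -secret-keyring match the selected engine can be checked before a file is handed to crypt. The following pre-flight check is an added example, not code from this fork: the names classify and checkKeyFile are hypothetical and the sample key is constructed. It assumes native age keys only (age1... recipients, AGE-SECRET-KEY-1... identities), that -secret-keyring takes an age identity file under the age engine, and standard OpenPGP armor or binary packets.

```go
package main

import (
	"fmt"
	"strings"
)

// classify returns the engine ("pgp", "age" or "") of a key file and whether it holds secret keys.
func classify(data []byte) (engine string, secret bool) {
	if len(data) > 0 && data[0]&0x80 != 0 { // binary OpenPGP packet header
		tag := (data[0] & 0x3c) >> 2 // old-format packet tag
		if data[0]&0x40 != 0 {
			tag = data[0] & 0x3f // new-format packet tag
		}
		return "pgp", tag == 5 // 5 = secret key packet, 6 = public key packet
	}
	for _, line := range strings.Split(string(data), "\n") {
		line = strings.TrimSpace(line)
		switch {
		case line == "" || strings.HasPrefix(line, "#"):
			continue // age key files allow blank lines and comments
		case strings.HasPrefix(line, "-----BEGIN PGP "):
			return "pgp", strings.Contains(line, "PRIVATE KEY")
		case strings.HasPrefix(line, "AGE-SECRET-KEY-1"):
			return "age", true
		case strings.HasPrefix(line, "age1"):
			return "age", false
		}
		break // first meaningful line is not a known key format
	}
	return "", false
}

// checkKeyFile: wantSecret is false for a -keyring file, true for a -secret-keyring file.
func checkKeyFile(engineFlag string, wantSecret bool, data []byte) error {
	engine, secret := classify(data)
	if engine != engineFlag {
		return fmt.Errorf("key file is %q, -encryption-engine is %q", engine, engineFlag)
	}
	if secret != wantSecret {
		return fmt.Errorf("key file secret=%v, but the flag expects secret=%v", secret, wantSecret)
	}
	return nil
}

func main() {
	sample := []byte("# constructed sample\nage1constructedexamplerecipient\n")
	fmt.Println(checkKeyFile("pgp", false, sample)) // engine mismatch is reported
}
```

The secret/public check also catches a private key file being passed where only recipients are expected.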

You can use crypt as a command line tool or as a configuration library:

Demo

Watch Kelsey explain crypt in this quick 5 minute video:

Crypt Demonstration Video

Generating gpg keys and keyrings

The crypt cli and config package require gpg keyrings.

Create a key and keyring from a batch file

vim app.batch
%echo Generating a configuration OpenPGP key
Key-Type: default
Subkey-Type: default
Name-Real: app
Name-Comment: app configuration key
Name-Email: app@example.com
Expire-Date: 0
%pubring .pubring.gpg
%secring .secring.gpg
%commit
%echo done

Run the following command:

gpg2 --batch --armor --gen-key app.batch

You should now have two keyrings, .pubring.gpg which contains the public keys, and .secring.gpg which contains the private keys.

Note that the private key is not protected by a passphrase.
