The simplest sops demo - sops using age encryption
# This demo uses an alpine sandbox in a docker container in interactive mode
# run with:
# docker run --rm -it alpine
#
# if you run it on your own system you should use your own package manager,
# and expect $HOME/.config/sops/age/keys.txt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
echo "
Installing packages: curl, age
-----------------------------------
";
apk add curl age;
echo "
Installing sops binary
-----------------------------------
";
# -f: fail on an HTTP error instead of saving the error page as the sops binary
curl -fL https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops;
chmod +x /usr/bin/sops;
echo "
create age encryption key, and extract the public key as AGE_PUB_KEY
-----------------------------------
";
mkdir -p $HOME/.config/sops/age/;
age-keygen > $HOME/.config/sops/age/keys.txt;
chmod 600 $HOME/.config/sops/age/keys.txt;
AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);
echo "
create a demo .env file
NOTE: it works with yaml, json, ini, and more
(it relies on the file suffix, but you can specify it explicitly using --input-type)
-----------------------------------
";
cat << EOF > source.env
USERNAME=the-user
PASSWORD=the-password<shhhh!!!!!>
EOF
echo "
use sops to encrypt \`source.env\` with Age, show the encrypted output on screen
and save it as \`encrypted.env\`
-----------------------------------
";
# --age takes the public key (the recipient); the private key stays in keys.txt
sops -e --age "$AGE_PUB_KEY" source.env | tee encrypted.env;
echo "
decrypt and compare with source
-----------------------------------
";
sops -d encrypted.env > decrypted.env;
if diff source.env decrypted.env; then
echo "
Success - The result is THE SAME :)
";
else
echo "
It did not work - the result is NOT THE SAME :o
";
fi;
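
A follow-up check, added here as an example and not part of the original gist: it counts the entries in a dotenv file that sops left in clear text, usable as a guard before committing `encrypted.env`. It assumes the dotenv layout sops writes (values wrapped in `ENC[AES256_GCM,...]`, metadata in `sops_`-prefixed keys, keys ending in `_unencrypted` left readable by default); the function name and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag dotenv entries that were not encrypted by sops.
# Assumptions: encrypted values look like ENC[AES256_GCM,data:...,type:str]
# and sops keeps its own metadata in keys that start with "sops_".

# count_plaintext FILE -> prints how many KEY=VALUE lines are still clear text
count_plaintext() {
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;   # blank lines and comments carry no secret value
            sops_*)  continue ;;   # sops metadata (recipients, MAC, version)
        esac
        key=${line%%=*}
        value=${line#*=}
        case "$key" in
            *_unencrypted) continue ;;   # sops' default suffix for intentionally clear keys
        esac
        case "$value" in
            'ENC[AES256_GCM,data:'*']') ;;   # value is wrapped by sops
            *) count=$((count + 1))
               echo "plaintext value for key: $key" >&2 ;;
        esac
    done < "$1"
    echo "$count"
}

# Constructed sample files (not real sops output, placeholder ciphertext).
demo_dir=$(mktemp -d)
cat > "$demo_dir/encrypted.env" << 'EOF'
USERNAME=ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,iv:AAAA,tag:BBBB,type:str]
PASSWORD=ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,iv:AAAA,tag:BBBB,type:str]
sops_age__list_0__map_recipient=age1-constructed-placeholder
sops_version=3.7.3
EOF
cat > "$demo_dir/leaky.env" << 'EOF'
# a file where one value was pasted back in clear text
USERNAME=ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,iv:AAAA,tag:BBBB,type:str]
PASSWORD=the-password
EOF

count_plaintext "$demo_dir/encrypted.env"   # prints 0
count_plaintext "$demo_dir/leaky.env"       # prints 1
```

Run against the demo's own files, `count_plaintext encrypted.env` should print 0 while `count_plaintext source.env` reports both entries.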