StevenChoo · April 13, 2025 13:19
diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
 # This deo uses an alpine sandbox in a docker container in interactive mode
 # ran with:
 #    docker run --rm -it alpine
 #
 # if you run it on your own system you should use your own package manager, 
 # and expect $HOME/.config/sops/age/keys.txt 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 echo "1. Installing packages: curl, age";
 apk add curl age;

 echo "2. Installing sops binary and make it runnable";
 curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops && chmod +x /usr/bin/sops;

 echo "3. create age encryption key, and extract the public key as AGE_PUB_KEY";
 mkdir -p $HOME/.config/sops/age/;
 age-keygen > $HOME/.config/sops/age/keys.txt;
 chmod 600 $HOME/.config/sops/age/keys.txt;
 AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);

 echo "4. create a demo .env file";
 # NOTE: it works with yaml, json, ini, and more
 #   (it relays on file suffix, but you can specify it explicitly using --input-type)
 cat << EOF > source.env
 USERNAME=the-user
 PASSWORD=the-password<shhhh!!!!!>
 EOF

 echo "5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
 sops -e -age $AGE_KEY source.env | tee encrypted.env;

 echo "6. decrypt and compare with source";
 sops -d encrypted.env > decrypted.env;

 echo "7. test results:";
 if diff source.env decrypted.env; then
  echo "     Success - The result is THE SAME :) ";
 else
  echo "     It did not work - the result is NOT THE SAME :o";
  exit 1;
 fi;
	# This deo uses an alpine sandbox in a docker container in interactive mode
	# ran with:
	# docker run --rm -it alpine
	#
	# if you run it on your own system you should use your own package manager,
	# and expect $HOME/.config/sops/age/keys.txt
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	echo "1. Installing packages: curl, age";
	apk add curl age;

	echo "2. Installing sops binary and make it runnable";
	curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops && chmod +x /usr/bin/sops;

	echo "3. create age encryption key, and extract the public key as AGE_PUB_KEY";
	mkdir -p $HOME/.config/sops/age/;
	age-keygen > $HOME/.config/sops/age/keys.txt;
	chmod 600 $HOME/.config/sops/age/keys.txt;
	AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt \| cut -d' ' -f 4);

	echo "4. create a demo .env file";
	# NOTE: it works with yaml, json, ini, and more
	# (it relays on file suffix, but you can specify it explicitly using --input-type)
	cat << EOF > source.env
	USERNAME=the-user
	PASSWORD=the-password<shhhh!!!!!>
	EOF

	echo "5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
	sops -e -age $AGE_KEY source.env \| tee encrypted.env;

	echo "6. decrypt and compare with source";
	sops -d encrypted.env > decrypted.env;

	echo "7. test results:";
	if diff source.env decrypted.env; then
	echo " Success - The result is THE SAME :) ";
	else
	echo " It did not work - the result is NOT THE SAME :o";
	exit 1;
	fi;