StevenChoo · April 13, 2025 13:19 · Apr 17, 2023 · Mar 27, 2023 · Mar 26, 2023 · Mar 22, 2023
diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -30,7 +30,7 @@ echo "
 #------------------------------------------------------------
 mkdir -p $HOME/.config/sops/age/;
 age-keygen > $HOME/.config/sops/age/keys.txt;
-chmod 600 $HOME/.config/sops/age/keys.txt;
+chmod 400 $HOME/.config/sops/age/keys.txt;
 AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);
 #------------------------------------------------------------
 

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -5,7 +5,7 @@
 # if you run it on your own system:
 #  1. you should use your own package manager instead of `apk`
 #  2. expect the following left overs:
-#    - installed binaries (age, age-keygen, curl, sops)
+#    - installed binaries (age, age-keygen, sops)
 #    - $HOME/.config/sops/age/keys.txt 
 #    - demo files: source.env, encrypted.env, decrypted.env
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -1,5 +1,5 @@
-# This demo uses an alpine sandbox in a docker container in interactive mode
-# ran with:
+# This demo uses an alpine sandbox in a docker container in 
+# interactive mode. ran with:
 #    docker run --rm -it alpine
 #
 # if you run it on your own system:
@@ -11,46 +11,65 @@
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   A R R A N G E
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
 echo "
 1. Installing packages: age";
+#------------------------------------------------------------
 apk add age;
+#------------------------------------------------------------
 
 echo "
 2. Installing sops binary and make it runnable";
+#------------------------------------------------------------
 wget https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux -O /usr/bin/sops && chmod +x /usr/bin/sops;
+#------------------------------------------------------------
 
 echo "
-3. create age encryption key, and extract the public key as AGE_PUB_KEY";
+3. create age encryption key, 
+   and extract the public key as AGE_PUB_KEY";
+#------------------------------------------------------------
 mkdir -p $HOME/.config/sops/age/;
 age-keygen > $HOME/.config/sops/age/keys.txt;
 chmod 600 $HOME/.config/sops/age/keys.txt;
 AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);
+#------------------------------------------------------------
 
 echo "
 4. create a demo .env file";
 # NOTE: it works with yaml, json, ini, and more
-#   (it relays on file suffix, but you can specify it explicitly using --input-type)
+#   (it relays on file suffix, 
+#    but you can specify it explicitly using --input-type)
+#------------------------------------------------------------
 cat << EOF > source.env
 USERNAME=the-user
 PASSWORD=the-password<shhhh!!!!!>
 EOF
+#------------------------------------------------------------
 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   A C T
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 echo "
-5. use sops to encrypt 'source.env' with Age, show the encrypted output on screen and save it as 'encrypted.env'";
+5. use sops to encrypt 'source.env' with Age, 
+   show the encrypted output on screen 
+   and save it as 'encrypted.env'";
+#------------------------------------------------------------
 sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;
+#------------------------------------------------------------
 
 echo "
-6. use sops to decrypt to compare the result with 'source.env'";
+6. use sops to decrypt 
+   to compare the result with 'source.env'";
+#------------------------------------------------------------
 sops -d encrypted.env > decrypted.env;
+#------------------------------------------------------------
 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   A S S E R T
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 echo "
 7. 'decrypted.env should be identical to 'source.env'";
+#------------------------------------------------------------
 if diff source.env decrypted.env; then
   echo "
     SUCCESS :) 
@@ -62,6 +81,7 @@ else
   exit 1;
 fi;
 
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # NOTE:
 #  now that your keys are set and you have an encrypted file,
 #  you call: 

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -68,4 +68,4 @@ fi;
 #     sops encrypted.env
 #  this will open it in your default editor.
 #  if you make changes - it will save your edits after encrypting the values
-#  (after which the `diff` above will no longer work)
+#  (after which the `diff` above will no longer work - it updates only the encrypted file)
diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -43,7 +43,7 @@ echo "
 sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;
 
 echo "
-6. decrypt to compare result with 'source.env'";
+6. use sops to decrypt to compare the result with 'source.env'";
 sops -d encrypted.env > decrypted.env;
 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -52,9 +52,13 @@ sops -d encrypted.env > decrypted.env;
 echo "
 7. 'decrypted.env should be identical to 'source.env'";
 if diff source.env decrypted.env; then
-  echo "     Pass :) ";
+  echo "
+    SUCCESS :) 
+  ";
 else
-  echo "     Failed :o";
+  echo "
+    Test failed :o
+  ";
   exit 1;
 fi;
 

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -9,7 +9,8 @@
 #    - $HOME/.config/sops/age/keys.txt 
 #    - demo files: source.env, encrypted.env, decrypted.env
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
+#   A R R A N G E
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 echo "
 1. Installing packages: age";
 apk add age;
@@ -34,6 +35,9 @@ USERNAME=the-user
 PASSWORD=the-password<shhhh!!!!!>
 EOF
 
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   A C T
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 echo "
 5. use sops to encrypt 'source.env' with Age, show the encrypted output on screen and save it as 'encrypted.env'";
 sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;
@@ -42,12 +46,15 @@ echo "
 6. decrypt to compare result with 'source.env'";
 sops -d encrypted.env > decrypted.env;
 
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   A S S E R T
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 echo "
-7. test results:";
+7. 'decrypted.env should be identical to 'source.env'";
 if diff source.env decrypted.env; then
-  echo "     Success - The result is THE SAME :) ";
+  echo "     Pass :) ";
 else
-  echo "     It did not work - the result is NOT THE SAME :o";
+  echo "     Failed :o";
   exit 1;
 fi;
 

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -39,7 +39,7 @@ echo "
 sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;
 
 echo "
-6. decrypt and compare with source";
+6. decrypt to compare result with 'source.env'";
 sops -d encrypted.env > decrypted.env;
 
 echo "

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -1,22 +1,22 @@
-# This deo uses an alpine sandbox in a docker container in interactive mode
+# This demo uses an alpine sandbox in a docker container in interactive mode
 # ran with:
 #    docker run --rm -it alpine
 #
 # if you run it on your own system:
-#  1. you should use your own package manager, 
+#  1. you should use your own package manager instead of `apk`
 #  2. expect the following left overs:
 #    - installed binaries (age, age-keygen, curl, sops)
 #    - $HOME/.config/sops/age/keys.txt 
 #    - demo files: source.env, encrypted.env, decrypted.env
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 echo "
-1. Installing packages: curl, age";
-apk add curl age;
+1. Installing packages: age";
+apk add age;
 
 echo "
 2. Installing sops binary and make it runnable";
-curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops && chmod +x /usr/bin/sops;
+wget https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux -O /usr/bin/sops && chmod +x /usr/bin/sops;
 
 echo "
 3. create age encryption key, and extract the public key as AGE_PUB_KEY";
@@ -35,7 +35,7 @@ PASSWORD=the-password<shhhh!!!!!>
 EOF
 
 echo "
-5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
+5. use sops to encrypt 'source.env' with Age, show the encrypted output on screen and save it as 'encrypted.env'";
 sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;
 
 echo "

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -10,33 +10,40 @@
 #    - demo files: source.env, encrypted.env, decrypted.env
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
-echo "1. Installing packages: curl, age";
+echo "
+1. Installing packages: curl, age";
 apk add curl age;
 
-echo "2. Installing sops binary and make it runnable";
+echo "
+2. Installing sops binary and make it runnable";
 curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops && chmod +x /usr/bin/sops;
 
-echo "3. create age encryption key, and extract the public key as AGE_PUB_KEY";
+echo "
+3. create age encryption key, and extract the public key as AGE_PUB_KEY";
 mkdir -p $HOME/.config/sops/age/;
 age-keygen > $HOME/.config/sops/age/keys.txt;
 chmod 600 $HOME/.config/sops/age/keys.txt;
 AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);
 
-echo "4. create a demo .env file";
+echo "
+4. create a demo .env file";
 # NOTE: it works with yaml, json, ini, and more
 #   (it relays on file suffix, but you can specify it explicitly using --input-type)
 cat << EOF > source.env
 USERNAME=the-user
 PASSWORD=the-password<shhhh!!!!!>
 EOF
 
-echo "5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
-sops -e -age $AGE_KEY source.env | tee encrypted.env;
+echo "
+5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
+sops -e -age $AGE_PUB_KEY source.env | tee encrypted.env;
 
-echo "6. decrypt and compare with source";
+echo "
+6. decrypt and compare with source";
 sops -d encrypted.env > decrypted.env;
 
-echo "7. test results:";
+echo "
+7. test results:";
 if diff source.env decrypted.env; then
   echo "     Success - The result is THE SAME :) ";
 else

diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -2,8 +2,12 @@
 # ran with:
 #    docker run --rm -it alpine
 #
-# if you run it on your own system you should use your own package manager, 
-# and expect $HOME/.config/sops/age/keys.txt 
+# if you run it on your own system:
+#  1. you should use your own package manager, 
+#  2. expect the following left overs:
+#    - installed binaries (age, age-keygen, curl, sops)
+#    - $HOME/.config/sops/age/keys.txt 
+#    - demo files: source.env, encrypted.env, decrypted.env
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 echo "1. Installing packages: curl, age";
@@ -38,4 +42,12 @@ if diff source.env decrypted.env; then
 else
   echo "     It did not work - the result is NOT THE SAME :o";
   exit 1;
-fi;
+fi;
+
+# NOTE:
+#  now that your keys are set and you have an encrypted file,
+#  you call: 
+#     sops encrypted.env
+#  this will open it in your default editor.
+#  if you make changes - it will save your edits after encrypting the values
+#  (after which the `diff` above will no longer work)
diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -6,60 +6,36 @@
 # and expect $HOME/.config/sops/age/keys.txt 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
-echo "
-Installing packages: curl, age
------------------------------------
-";
+echo "1. Installing packages: curl, age";
 apk add curl age;
 
-echo "
-Installing sops binary
------------------------------------
-";
-curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops;
-chmod +x /usr/bin/sops;
-
-echo "
-create age encryption key, and extract the public key as AGE_PUB_KEY 
------------------------------------
-";
+echo "2. Installing sops binary and make it runnable";
+curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops && chmod +x /usr/bin/sops;
 
+echo "3. create age encryption key, and extract the public key as AGE_PUB_KEY";
 mkdir -p $HOME/.config/sops/age/;
 age-keygen > $HOME/.config/sops/age/keys.txt;
 chmod 600 $HOME/.config/sops/age/keys.txt;
 AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);
 
-echo "
-create a demo .env file 
- NOTE: it works with yaml, json, ini, and more
-   (it relays on file suffix, but you can specify it explicitly using --input-type)
------------------------------------
-";
+echo "4. create a demo .env file";
+# NOTE: it works with yaml, json, ini, and more
+#   (it relays on file suffix, but you can specify it explicitly using --input-type)
 cat << EOF > source.env
 USERNAME=the-user
 PASSWORD=the-password<shhhh!!!!!>
 EOF
 
-echo "
-use sops to encrypt `source.env` with Age, show the encrypted output on screen
-and save it as `encrypted.env` 
------------------------------------
-";
+echo "5. use sops to encrypt `source.env` with Age, show the encrypted output on screen and save it as `encrypted.env`";
 sops -e -age $AGE_KEY source.env | tee encrypted.env;
 
-echo "
-decrypt and compare with source
------------------------------------
-";
-
+echo "6. decrypt and compare with source";
 sops -d encrypted.env > decrypted.env;
 
+echo "7. test results:";
 if diff source.env decrypted.env; then
-  echo "
-     Success - The result is THE SAME :)
-  ";
+  echo "     Success - The result is THE SAME :) ";
 else
-  echo "
-      It did not work - the result is NOT THE SAME :o
-  ";
+  echo "     It did not work - the result is NOT THE SAME :o";
+  exit 1;
 fi;
diff --git a/sops-with-age-encryption.demo.sh b/sops-with-age-encryption.demo.sh
@@ -0,0 +1,65 @@
+# This deo uses an alpine sandbox in a docker container in interactive mode
+# ran with:
+#    docker run --rm -it alpine
+#
+# if you run it on your own system you should use your own package manager, 
+# and expect $HOME/.config/sops/age/keys.txt 
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+echo "
+Installing packages: curl, age
+-----------------------------------
+";
+apk add curl age;
+
+echo "
+Installing sops binary
+-----------------------------------
+";
+curl -L https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux --output /usr/bin/sops;
+chmod +x /usr/bin/sops;
+
+echo "
+create age encryption key, and extract the public key as AGE_PUB_KEY 
+-----------------------------------
+";
+
+mkdir -p $HOME/.config/sops/age/;
+age-keygen > $HOME/.config/sops/age/keys.txt;
+chmod 600 $HOME/.config/sops/age/keys.txt;
+AGE_PUB_KEY=$(grep 'public key' $HOME/.config/sops/age/keys.txt | cut -d' ' -f 4);
+
+echo "
+create a demo .env file 
+ NOTE: it works with yaml, json, ini, and more
+   (it relays on file suffix, but you can specify it explicitly using --input-type)
+-----------------------------------
+";
+cat << EOF > source.env
+USERNAME=the-user
+PASSWORD=the-password<shhhh!!!!!>
+EOF
+
+echo "
+use sops to encrypt `source.env` with Age, show the encrypted output on screen
+and save it as `encrypted.env` 
+-----------------------------------
+";
+sops -e -age $AGE_KEY source.env | tee encrypted.env;
+
+echo "
+decrypt and compare with source
+-----------------------------------
+";
+
+sops -d encrypted.env > decrypted.env;
+
+if diff source.env decrypted.env; then
+  echo "
+     Success - The result is THE SAME :)
+  ";
+else
+  echo "
+      It did not work - the result is NOT THE SAME :o
+  ";
+fi;