@sebastienrousseau/dotfiles

The Trusted Shell Platform — Universal dotfiles managed by Chezmoi. Features Bash & Zsh for macOS, Linux & WSL. Rust modern tooling & enterprise-grade security.

---
render_with_liquid: false
---

# Secrets Encryption with SOPS and age

## Quick Start

```bash
# 1. Generate an age key (one-time)
mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt

# 2. Get your public key
age-keygen -y ~/.config/sops/age/keys.txt
# Output: age1abc123...

# 3. Update .sops.yaml with your public key
# Replace the placeholder key in .sops.yaml with your actual public key

# 4. Encrypt a file (the substitution is quoted so the key is passed as one argument)
sops --encrypt --age "$(age-keygen -y ~/.config/sops/age/keys.txt)" secrets.yaml > secrets.sops.yaml

# 5. Edit encrypted files
sops secrets.sops.yaml
```

## Key Management

- **Private key**: `~/.config/sops/age/keys.txt`. Never commit this file.
- **Public key**: Safe to share. It lives in `.sops.yaml`.
- **Backup**: Keep your private key in a password manager or a hardware security module.

## Recovery

If you lose your age private key, follow these steps:

1. Create a new key: `age-keygen -o ~/.config/sops/age/keys.txt`
2. Re-encrypt all secrets with the new public key.
3. Update `.sops.yaml` with the new public key.

## Integration with Chezmoi

Chezmoi has built-in support for age encryption.

```bash
chezmoi add --encrypt ~/.ssh/config
```

This encrypts the file in the source state. It uses the age key set in `~/.config/chezmoi/chezmoi.toml`:

```toml
encryption = "age"

[age]
identity = "~/.config/sops/age/keys.txt"
recipient = "age1abc123..."
```
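One way to enforce the Key Management rule above ("never commit this file") is a pre-commit guard that rejects age private keys and plaintext files named `*.sops.yaml`. This is an added example, not code from the dotfiles project; the function names and the `--staged` flag are hypothetical.

```bash
#!/bin/sh
# Added example (not from the dotfiles project): block commits that would leak
# an age private key or a *.sops.yaml file that was never encrypted.
# Function names are hypothetical.

# True if the file holds an age private key (Bech32, "AGE-SECRET-KEY-1" prefix).
has_age_private_key() {
  grep -q -E '^[[:space:]]*AGE-SECRET-KEY-1[A-Z0-9]+' -- "$1"
}

# True if the file looks like SOPS output: a top-level "sops:" metadata block
# plus at least one ENC[AES256_GCM,...] value.
is_sops_encrypted() {
  grep -q -E '^sops:' -- "$1" && grep -q -F 'ENC[AES256_GCM,' -- "$1"
}

# Return 1 (and say why on stderr) if this path must not be committed.
check_file() {
  [ -f "$1" ] || return 0   # deleted or non-regular paths: nothing to scan
  if has_age_private_key "$1"; then
    echo "BLOCK $1: contains an age private key" >&2
    return 1
  fi
  case "$1" in
    *.sops.yaml | *.sops.yml)
      if ! is_sops_encrypted "$1"; then
        echo "BLOCK $1: named like a SOPS file but is plaintext" >&2
        return 1
      fi
      ;;
  esac
  return 0
}

# Read newline-separated paths on stdin; non-zero if any path is blocked.
check_list() {
  rc=0
  while IFS= read -r p; do
    check_file "$p" || rc=1
  done
  return "$rc"
}

# Hook mode: scan the working-tree copy of every staged file.
if [ "${1:-}" = "--staged" ]; then
  git diff --cached --name-only --diff-filter=ACM | check_list
  exit $?
fi
```

Invoke the script with `--staged` from `.git/hooks/pre-commit`; it only covers YAML output, so SOPS files in other formats need their own check.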