RC Logr 20200710 183207

Friday, 10 Jul, 2020

One way to hide the contents of a file, e.g. one containing environment variables containing secrets, is to use gpg symmetric encryption, which means encrypt and decrypt use the same secret. It is convenient, and you can supply the secret when you need it. 🤖

For example:

1
2
3
4
5

% gpg --symmetric --cipher-algo TWOFISH /path/to/vars.txt
  Password: ********
  Re-enter: ********
% gpg --output /path/to/working/vars.txt --decrypt /path/to/vars.txt.gpg
  Password: ********

The encrypt command will create a file vars.txt.gpg and if you list its contents you will see they are encrypted.