Hey, just want to showcase a simple cli I made recently, which Iām using very heavily together with dhall-kubernetes to deploy secret, as well as AWS KMS. Hope it can help anyone like me who too looking for the sops alternative that works with dhall expressions.
GitHub - jcouyang/dhall-secret: Manage secrets in dhall config file
It is very straightforward and can encrypt/decrypt AWS KMS and age values in dhall expression with dhall-secret
's type, example
$ dhall-secret encrypt <<< 'dhall-secret.AgeDecrypted {PlainText = "hello", Recipients=["age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg"]}'
let dhall-secret =
https://raw.githubusercontent.com/jcouyang/dhall-secret/master/Type.dhall
sha256:d7b55a2f433e19cf623d58c339346a604d96989f60cffdecee125a504a068dc9
in dhall-secret.AgeEncrypted
{ Recipients =
[ "age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg" ]
, CiphertextBlob =
''
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cXJtTGNodTRKSnN3RFBo
VUZQUUxjM2I2UnQ2VXJCUlBlRFVtUU52TWdZCklsRmdvRTRoVENyWnZhbDFSSllh
WXFHeTBaeUE3VE1PTGQvaEJiTkprRm8KLS0tIGk1cENFbEM2NmMvU2h6azlxem5t
Z0Q0ZFQ5QVdmR2ZNV2RZSnd1cXFQYk0KUcAPHZkamYXmKW/Nk6ZZiXkiI8MN3GJe
UPGFL70/U1c/ph2s8g==
-----END AGE ENCRYPTED FILE-----
''
}
Feedback/PR welcome
Thanks