Show: dhall-secret

Hey, just want to showcase a simple cli I made recently, which Iā€™m using very heavily together with dhall-kubernetes to deploy secret, as well as AWS KMS. Hope it can help anyone like me who too looking for the sops alternative that works with dhall expressions.

:link: GitHub - jcouyang/dhall-secret: Manage secrets in dhall config file

It is very straightforward and can encrypt/decrypt AWS KMS and age values in dhall expression with dhall-secret's type, example

$ dhall-secret encrypt <<< 'dhall-secret.AgeDecrypted {PlainText = "hello", Recipients=["age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg"]}'
let dhall-secret =
      https://raw.githubusercontent.com/jcouyang/dhall-secret/master/Type.dhall
        sha256:d7b55a2f433e19cf623d58c339346a604d96989f60cffdecee125a504a068dc9

in  dhall-secret.AgeEncrypted
      { Recipients =
        [ "age1lggyhqrw2nlhcxprm67z43rta597azn8gknawjehu9d9dl0jq3yqqvfafg" ]
      , CiphertextBlob =
          ''
          -----BEGIN AGE ENCRYPTED FILE-----
          YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cXJtTGNodTRKSnN3RFBo
          VUZQUUxjM2I2UnQ2VXJCUlBlRFVtUU52TWdZCklsRmdvRTRoVENyWnZhbDFSSllh
          WXFHeTBaeUE3VE1PTGQvaEJiTkprRm8KLS0tIGk1cENFbEM2NmMvU2h6azlxem5t
          Z0Q0ZFQ5QVdmR2ZNV2RZSnd1cXFQYk0KUcAPHZkamYXmKW/Nk6ZZiXkiI8MN3GJe
          UPGFL70/U1c/ph2s8g==
          -----END AGE ENCRYPTED FILE-----
          ''
      }

Feedback/PR welcome
Thanks

2 Likes