Age based repository file encryption gitops tool

Overview

agebox

agebox

CI Go Report Card Apache 2 licensed

Easy and simple file repository encryption tool based on Age.

Have you ever though "this should be simple" while you were using tools like Blackbox , Git-crypt or Sops? This is what agebox is. A tool on top of Age's security system that encrypts/decrypts your repository files, focused on simplicity and gitops.

Features

  • Secure (Agebox delegates security to Age).
  • Tracks encrypted files in repository.
  • No PGP and no agents, just simple SSH and Age key files.
  • File flexibility (encrypts/decrypts recursive paths, multiple/single files, all tracked files...).
  • Reencrypts all tracked files with a single command.
  • Focused on Gitops, CI flows and simplicity.
  • Works with any file (doesn't understand formats like JSON, YAML...).
  • Single binary/executable.
  • No side effects like VCS commands (e.g: doesn't execute Git commands for you).

Get agebox

Getting started

Initialize agebox tracking file.

agebox init

Encrypt (and track) multiple files.

agebox encrypt ./app1/secret1.yaml ./app2/secret1.yaml

Encrypt (and track) a directory in dry-run to see what would be encrypted before doing it.

agebox encrypt ./secrets --dry-run

Encrypt (and track) a directory and only (filter regex used) the secret named yaml files.

agebox encrypt ./manifests --filter ".*secret(\.yaml|\.yml)$"

Decrypt a subset of tracked secrets and a file.

agebox decrypt ./secrets/team-1 ./secrets/secret1.yaml

Decrypt only (filter regex used) team-a tracked files.

agebox decrypt ./secrets --filter ".*team-a.*"

Validate all tracked encrypted files exist and decryption is possible.

agebox decrypt --all --dry-run --force --no-log

Reencrypt all files.

agebox reencrypt

Untrack multiple files.

agebox untrack ./secrets/secret1.yaml ./secrets/secret2.yaml

Untrack and delete file.

agebox untrack ./secrets/secret1.yaml --delete

How does it work

When you initialize agebox on a repository it will create a file (.ageboxreg.yml) that will track all the encrypted files in the repository.

From now on if you encrypt files with agebox from the root of the repository it will:

  • Track the files if not already tracked.
  • Encrypt the files with the public keys in ./keys or --public-keys as recipients.
  • If is a directory it will expand to all the files in the directory and subdirectories.

As a regular flow of agebox usage examples, you can:

  • Decrypt tracked files as a single file, multiple files, a directory and its subdirectories...
  • Decrypt all tracked files (--all).
  • Reencrypt all tracked files with the public key recipients.
  • Encrypt all tracked files (--all) that are decrypted in the repository.
  • Untrack a file (and optionally delete from the file system).
  • Encrypt/decrypt in dry-run to validate (handy en CI for checking).

Check the Getting started section for specific commands.

Keys

Agebox supports the same asymmetric keys Age does:

  • X25519 (Age).
  • RSA SSH.
  • Ed25519 SSH.

Public keys

The public keys are the recipients of the encrypted files. With their respective private keys, users will be able to decrypt the files.

Public keys should be on a directory relative to the root of the repository (by default ./keys) at the moment of invoking encryption commands, this simplifies the usage of keys by not requiring pgp keys or agents.

Agebox will encrypt with the loaded public keys, this means that when we add or remove any public key we should reencrypt the tracked files.

In case you don't want to have all the public keys in all the repositories that are managed by agebox, you could centralize these keys in another repository andgetting them before invoking agebox. Some usage examples:

  • Git submodule git pull --recurse-submodules.
  • Git repo and previous agebox command invoke git clone/pull.
  • Download public keys from S3.

You can configure this with --public-keys flag or AGEBOX_PUBLIC_KEYS env var.

You can have multiple public keys in a file (one per line), like Age recipients file.

Private keys

Private key (singular) should be passed whenever a decrypt operation is made.

You can configure this with --private-key flag or AGEBOX_PRIVATE_KEY env var.

Alternatives

  • Blackbox: Uses PGP (requires an agent), complex and sometimes has undesired side effects (e.g git commands execution).
  • Sops: Lots of features and very complex for simple use cases.
  • Git-crypt: Uses PGP (requires an agent), complex, 100% tied to Git.

Kudos

Thanks to @FiloSottile, @Benjojo12 and all the other contributors of Age.

Without Age, Agebox would not exist.

Issues
  • Why is the .agebox file deleted on decrypt?

    Why is the .agebox file deleted on decrypt?

    Hello 👋

    I am playing around with agebox to track secrets in a git repository, and I am surprised by the fact that the .agebox file is deleted on decrypt.

    Used in git, this means that if I decrypt the file to feed it to my tool, I'm then going to need to git restore it each time before committing. Encrypting the file again is not really an option either since that's going to change the file even if there are no changes.

    There is the cat command, but in various situations it's cumbersome to have to deal with stdout for secret import, where having them in a file is straightforward (one can redirect cat to a file, but that’s again some unneeded ceremony from my point of view).

    Am I using agebox wrong in some way? 🤔

    I think having an option to keep the .agebox files on decrypting would make sense, with maybe an additional command that delete any unencrypted tracked secret file as a simple and VCS agnostic way of preventing those from lying around.

    opened by Mayeu 4
  • Add function for parsing age identity

    Add function for parsing age identity

    This new function will look for a line in the input string that starts with AGE-SECRET-KEY-1. That line is then cleaned of whitespaces and passed to age.ParseX25519Identity.

    Closes #79. Fixes #80.

    opened by cezarmathe 4
  • [QUESTION] How to use ssh-rsa/ed25519 keys?

    [QUESTION] How to use ssh-rsa/ed25519 keys?

    Hello!

    I'm evaluating agebox as an alternative to the currently used "blackbox" scripts.

    This is where I found that I can encrypt files using my ed25519 based ssh key but the decryption fails. I have tested this on MacOS (10.15.7) and Linux:

    > mkdir agebox-test
    > cd agebox-test
    > echo "HELLO" > testfile
    > agebox init
    
    > mkdir keys
    > ssh-keygen -t ed25519 -N "passphrase"
    # copy id_es25519.pub to ./keys
    
    > agebox encrypt testfile
    INFO[0000] Loaded public keys                            keys=1 svc=storage.fs.KeyRepository version=v0.2.0
    INFO[0000] Secret encrypted                              secret-id=testfile svc=box.encrypt.Service version=v0.2.0
    > agebox decrypt testfile.agebox --private-key id_es25519 # private key file is present in this directory
    
    error: "decrypt" command failed: could not decrypt: could not get private key: could not load private key in "id_es25519": invalid private key
    

    Can you help me finding out what I do wrong?

    Thank you for building agebox and for you help Frank

    enhancement 
    opened by thenoseman 3
  • Bump github.com/stretchr/testify from 1.7.1 to 1.7.5

    Bump github.com/stretchr/testify from 1.7.1 to 1.7.5

    Bumps github.com/stretchr/testify from 1.7.1 to 1.7.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 2
  • Bump golang from 1.18.1-alpine to 1.18.3-alpine in /docker/prod

    Bump golang from 1.18.1-alpine to 1.18.3-alpine in /docker/prod

    Bumps golang from 1.18.1-alpine to 1.18.3-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 2
  • Bump golang from 1.18.1 to 1.18.3 in /docker/dev

    Bump golang from 1.18.1 to 1.18.3 in /docker/dev

    Bumps golang from 1.18.1 to 1.18.3.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 2
  • [feature] allow users to communicate private key passphases more securely

    [feature] allow users to communicate private key passphases more securely

    This Issue was originally going to be "please allow private-key operations to be delegated to an ssh-agent", but having read the ssh-agent protocol, it appears that that isn't possible. The only private key operation available is signing something, not encrypting it.

    The root cause of the above request was me trying to solve the problem that building a developer/ops workflow around agebox is currently more annoying and fiddly than it could be. This is because a script that does any repeated validation/etc of encrypted files (e.g. working out which files need to be re-encrypted, versus those that could be git restored) will ask for the ssh passphrase on every agebox invocation.

    To avoid this, I could use the --passphrase=FOO parameter. But this isn't a great solution, for a few reasons:

    • it temporarily exposes the passphrase in the machine's process table, which might be a poor idea for shared/CI/etc machines
    • it requires me/the-script to solve the quoting problem for every possible set of shell meta-characters that /might/ exist in a passphrase
    • it leaves the passphrase in the shell's history file, if used interactively

    Other tools have solved this problem in a couple of different ways:

    • sigtool uses environment variable indirection: https://github.com/opencoff/sigtool/blob/master/sigtool.go#L98
      • NB this isn't simply foo-tool --passphrase $ENVVAR. It communicates the name of the envvar that the process should look up, independently, not the value: e.g. foo-tool --passphrase-envvar-name ENVVAR
    • a variety of tools implement a flag that means "read STDIN and assume that a machine/script is talking to you, not a human, so don't output any prompts/etc"

    Whilst the envvar-name-indirection route is probably the more useful one, I can see arguments for using STDIN from a security perspective. It'd be great to have either of these -- or both! -- as options for agebox :-)

    opened by jpluscplusm 2
  • Bump actions/checkout from 2.4.0 to 3

    Bump actions/checkout from 2.4.0 to 3

    Bumps actions/checkout from 2.4.0 to 3.

    Release notes

    Sourced from actions/checkout's releases.

    v3.0.0

    • Update default runtime to node16
    Changelog

    Sourced from actions/checkout's changelog.

    Changelog

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    v2 (beta)

    • Improved fetch performance
      • The default behavior now fetches only the SHA being checked-out
    • Script authenticated git commands
      • Persists with.token in the local git config
      • Enables your scripts to run authenticated git commands
      • Post-job cleanup removes the token
      • Coming soon: Opt out by setting with.persist-credentials to false
    • Creates a local branch
      • No longer detached HEAD when checking out a branch
      • A local branch is created with the corresponding upstream branch set
    • Improved layout

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 2
  • Ignore sockets when loading keys

    Ignore sockets when loading keys

    If a user uses ControlMaster in OpenSSH, UNIX sockets often appear in their ~/.ssh directory. These fail loading as a key. This skips those sockets in the filesystem.

    Fixes slok/agebox#101.

    opened by Matir 2
  • Bump filippo.io/age from 1.0.0-rc.3 to 1.0.0

    Bump filippo.io/age from 1.0.0-rc.3 to 1.0.0

    Bumps filippo.io/age from 1.0.0-rc.3 to 1.0.0.

    Release notes

    Sourced from filippo.io/age's releases.

    age v1.0.0 🏁

    age—pronounced [aɡe̞], like the Italian “aghe”—is a simple, modern and secure file encryption tool, format, and Go library.

    It features small explicit keys, no config options, and UNIX-style composability.

    $ age-keygen -o key.txt
    Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
    $ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age
    $ age --decrypt -i key.txt data.tar.gz.age > data.tar.gz
    

    v1.0.0 is the first stable release of the Go CLI and API, twenty months after the first beta.

    Learn more by reading the README, the age(1) man page, the Go API reference, or the original design document.

    Watch the repository or follow @​FiloSottile on Twitter to be notified of new releases.

    Commits
    • 552aa0a README: resize and center the logo
    • 47d8133 README: add new logo 🏛✨
    • 36b0a4f all: update dependencies and module version
    • fda8907 README: document new dl.filippo.io links
    • 7756fbf doc: regenerate groff and html man pages
    • 57f6b8a age,doc: document backwards compatibility policy
    • e08055f all: update x/sys to v0.0.0-20210630005230-0f9fa26af87c (#299)
    • 7cb6b84 README: mention official Void Linux package (#294)
    • 4ea591b HomebrewFormula: update age to v1.0.0-rc.3
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 2
  • What private key format does agebox expect?

    What private key format does agebox expect?

    I tried decrypting a file with the private key stored in the file generated by age-keygen -o key.txt and it just won't work.

    age version: devel (package version: 1.0.0rc.1-2, Arch Linux) agebox version: dev (installed with go install github.com/slok/agebox/cmd/[email protected])

    opened by cezarmathe 2
  • Bump golang from 1.18.1-alpine to 1.19.0-alpine in /docker/prod

    Bump golang from 1.18.1-alpine to 1.19.0-alpine in /docker/prod

    Bumps golang from 1.18.1-alpine to 1.19.0-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 0
  • Bump golang from 1.18.1 to 1.19.0 in /docker/dev

    Bump golang from 1.18.1 to 1.19.0 in /docker/dev

    Bumps golang from 1.18.1 to 1.19.0.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 0
  • Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0

    Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0

    Bumps github.com/sirupsen/logrus from 1.8.1 to 1.9.0.

    Commits
    • f8bf765 Merge pull request #1343 from sirupsen/dbd-upd-dep
    • ebc9029 update dependencies
    • 56c843c Merge pull request #1337 from izhakmo/fix-cve
    • 41b4ee6 update gopkg.in/yaml.v3 to v3.0.1
    • f98ed3e Merge pull request #1333 from nathanejohnson/bumpxsys
    • 2b8f60a bump version of golangci-lint
    • 0db10ef bump version of golang.org/x/sys dependency
    • 85981c0 Merge pull request #1263 from rubensayshi/fix-race
    • 79c5ab6 Merge pull request #1283 from sirupsen/dbd-log-doc
    • 5f8c666 Improve Log methods documentation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Bump github.com/stretchr/testify from 1.7.1 to 1.8.0

    Bump github.com/stretchr/testify from 1.7.1 to 1.8.0

    Bumps github.com/stretchr/testify from 1.7.1 to 1.8.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • Bump xresloader/upload-to-github-release from 1.3.3 to 1.3.4

    Bump xresloader/upload-to-github-release from 1.3.3 to 1.3.4

    Bumps xresloader/upload-to-github-release from 1.3.3 to 1.3.4.

    Release notes

    Sourced from xresloader/upload-to-github-release's releases.

    v1.3.4

    CHANGLELOG

    • Update dependencies
    • Fix tag name when updating a existed release
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies github_actions 
    opened by dependabot[bot] 1
  • agebox cannot be used to encrypt content for yubikey-backed keys

    agebox cannot be used to encrypt content for yubikey-backed keys

    When given a public key created with the age-plugin-yubikey plugin, agebox refuses to encrypt for it:

    WARN[0000] Could not load public key: invalid public key  key=keys/charles.age svc=storage.fs.KeyRepository version=0.6.1
    

    ...this means that even someone willing to use non-agebox tools to decrypt their content (in the interim pending plugin support available in the decryption path for agebox itself) cannot encrypt their content with such a key.

    opened by charles-dyfis-net 1
Releases(v0.6.1)
Owner
Xabier Larrakoetxea Gallego
SRE at @cabify
Xabier Larrakoetxea Gallego
Age-encrypted-notebook - Age encrypted notes saved in a bolt DB

Age Encrypted Notebook (aen) Disclaimer: This project has the sole purpose of ge

Nils Kuhnert 19 Aug 4, 2022
Terraform-provider-age - Age Terraform Provider with golang

Age Terraform Provider This provider lets you generate an Age key pair. Using th

ConsenSys Software 0 Feb 15, 2022
password manager using age for encryption

page ====== password manager using age (https://age-encryption.org/) for encryption. encrypted secrets are files in the $PAGE_SECRETS/ directory that

null 5 May 30, 2022
ArgoCD is widely used for enabling CD GitOps. ArgoCD internally builds manifest from source data in Git repository, and auto-sync it with target clusters.

ArgoCD Interlace ArgoCD is widely used for enabling CD GitOps. ArgoCD internally builds manifest from source data in Git repository, and auto-sync it

International Business Machines 49 Jul 26, 2022
Cossack Labs 1k Aug 4, 2022
Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

FAV/E FAV/E (Find A Vulnerability/Exposure) utilizes the NIST CVE database search API to search for vulnerabilities and exposures while filtering base

Tony West 106 Aug 9, 2022
Sekura is an Encryption tool that's heavily inspired by the Rubberhose file system.

It allows for multiple, independent file systems on a single disk whose existence can only be verified if you posses the correct password.

null 51 Feb 1, 2022
This is a simple file storage server. User can upload file, delete file and list file on the server.

Simple File Storage Server This is a simple file storage server. User can upload file, delete file and list file on the server. If you want to build a

BH_Lin 0 Jan 19, 2022
`age-plugin-yubikey` implementation, encrypt things with a Yubikey/any PIV card

This is an age plugin for PIV cards/Yubikey. Your secret is kept safe on the tamperproof hardware, while letting you use the age command-line.

Tv 21 Aug 1, 2022
ORBOS - GitOps everything

ORBOS - GitOps everything ORBOS explained ORBITER BOOM Getting Started on Google Compute Engine In the following example we will create a kubernetes c

CAOS 111 Aug 1, 2022
Script to check open slot for 18+ age group in particular district and pin code area

Running instruction install go: 1.14 (might work with other versions as well) install following library for sending notifications go get -u github.com

Ajay Kumar Saini 4 Mar 22, 2022
Bootstrap curated Kubernetes stacks. Logging, metrics, ingress and more - delivered with gitops.

Gimlet Stack Bootstrap curated Kubernetes stacks. Logging, metrics, ingress and more - delivered with gitops. You can install logging aggregators, met

null 12 Dec 1, 2021
The Elastalert Operator is an implementation of a Kubernetes Operator, to easily integrate elastalert with gitops.

Elastalert Operator for Kubernetes The Elastalert Operator is an implementation of a Kubernetes Operator. Getting started Firstly, learn How to use el

null 20 Jun 28, 2022
sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP. (demo)

Mozilla 10.4k Aug 7, 2022
End-to-end encrypted email for the mesh networking age

Yggmail It's email, but not as you know it. Introduction Yggmail is a single-binary all-in-one mail transfer agent which sends and receives email nati

Neil Alexander 78 Jul 9, 2022
Mildly performant age public key bruteforcer

vanity-age Mildly performant age vanity public key brute-forcer.

Mars 9 Aug 30, 2021
Convert SSH Ed25519 keys to age keys. This is useful for usage in sops-nix and sops

ssh-to-age Convert SSH Ed25519 keys to age keys. This is useful for usage in sops-nix and sops Usage Exports the private key: $ ssh-to-age -private-ke

Jörg Thalheim 15 Jul 2, 2022
Cluster bootstraps for GitOps

Introduction Documentation Site Cluster bootstraps for Crossplane GitOps based on argocd, see main doc site for details PreRequisites K8 cluster eg ki

BBD Software 7 Mar 13, 2022
Encrypt embedded go files using age.

encembed Encrypt embedded resource in compiled binary using age. Meant for usage with go generate. This tool will generate a go source file that embed

C_Sto 32 Jul 26, 2022
gokp aims to install a GitOps Native Kubernetes Platform

gokp gokp aims to install a GitOps Native Kubernetes Platform. This project is a Proof of Concept centered around getting a GitOps aware Kubernetes Pl

Christian Hernandez 24 Jul 1, 2022
The Oracle Database Operator for Kubernetes (a.k.a. OraOperator) helps developers, DBAs, DevOps and GitOps teams reduce the time and complexity of deploying and managing Oracle Databases

The Oracle Database Operator for Kubernetes (a.k.a. OraOperator) helps developers, DBAs, DevOps and GitOps teams reduce the time and complexity of deploying and managing Oracle Databases. It eliminates the dependency on a human operator or administrator for the majority of database operations.

Oracle 74 Aug 5, 2022
A gRPC API for Warhammer Age of Sigmar

Warhammer ?? A gRPC API for Warhammer Age of Sigmar Intro ℹ️ Skip to Quick Start What is this? An API for creating, reading, deleting, and updating a

Britton Hayes 1 Oct 26, 2021
Foundational systems for gitops-style AWS development workflows

aws-basics Foundational systems for gitops-style AWS development workflows. Prerequisites GitHub and AWS accounts Terraform Golang Bootstrapping Setup

Ryan Clark 0 Oct 28, 2021
Democratizing GitOps

GitOps Engine Various GitOps operators address different use-cases and provide different user experiences but all have similar set of core features. T

Argo Project 1.4k Aug 9, 2022
Run infrastructure as code (IaC) software tools including CDK, Terraform and Cloud Formation via GitOps.

Argo CloudOps is Alpha on a good day, please only use as appropriate!!! What Is Argo CloudOps? Argo CloudOps is a service for running infrastructure a

argoproj-labs 225 Aug 3, 2022
Weave Ignite is an open source Virtual Machine (VM) manager with a container UX and built-in GitOps management.

Weave Ignite is an open source Virtual Machine (VM) manager with a container UX and built-in GitOps management.

Temur Yunusov 0 Nov 16, 2021
list or create gitlab project level variables for gitops

intro gitlab ci requires some env variables, for diffent projects these env vars may be same. so we have this cmd tool -- gitlab-vars install simplely

MAUTOPS 2 Dec 1, 2021
Digitalocean-kubernetes-challenge - Deploy a GitOps CI/CD implementation

DigitalOcean Kubernetes Challenge 2021 I chose to participate in the DigitalOcean Kubernetes Challenge in order to learn more about Kubernetes and to

Engin Diri 3 May 4, 2022
A Discord bot that automatically retrieves ELO ratings for Age of Empires 4 and gives users custom roles.

AOE 4 ELO Bot This is a Discord bot that automatically retrieves ELO ratings for Age of Empires 4 and gives users custom roles. Uses the public API fo

Alexis Geoffrey 1 May 13, 2022