Avroid/secrets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[DO-437] add consul credentials

Browse Source
This commit is contained in:
Rustam Tagaev
2024-04-15 16:40:45 +03:00
parent a12974d8be
commit 30afbf7aed
3 changed files with 63 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@@ -1,10 +1,10 @@
# GPG helper script
Use ./gpg-tool.sh to automate gpg operations
Usage:
-------------------------------------
## Usage
```
```bash
gpg-tool.sh [args] file
Commands:
@@ -21,12 +21,14 @@ Example:
./gpg-tool.sh --encrypt secrets.txt
```
# Как переподписать секреты новым ключом
```
## Как переподписать секреты новым ключом
1. Сгенерировать и добавить новый ключ в каталог `keys`
Статья: https://eva.avroid.tech/project/Document/DOC-000832#gpg-how-to
[Статья:](https://eva.avroid.tech/project/Document/DOC-000832#gpg-how-to)
2. Перейти в корень репозитория и выполнить команды:
```bash
./gpg-tool.sh --import_keys
./gpg-tool.sh --decrypt secrets.txt.asc
@@ -38,26 +40,29 @@ Example:
3. Переподписанные файлы .asc PUSH в репозиторий
```
## How to use GPG
# How to use GPG
To encrypt a document the option --encrypt is used. You must have the public keys of the intended recipients. The software expects the name of the document to encrypt as input or, if omitted, on standard input. The encrypted result is placed on standard output or as specified using the option --output. The document is compressed for additional security in addition to encrypting it.
> gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc
```bash
> gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc
```
The --recipient option is used once for each recipient and takes an extra argument specifying the public key to which the document should be encrypted. The encrypted document can only be decrypted by someone with a private key that complements one of the recipients' public keys. In particular, you cannot decrypt a document encrypted by you unless you included your own public key in the recipient list.
To decrypt a message the option --decrypt is used. You need the private key to which the message was encrypted. Similar to the encryption process, the document to decrypt is input, and the decrypted result is output.
> gpg --output doc --decrypt doc.gpg
You need a passphrase to unlock the secret key for
user: "Blake (Executioner) <blake@cyb.org>"
1024-bit ELG-E key, ID 5C8CBD41, created 1999-06-04 (main key ID 9E98BC16)
Enter passphrase:
```bash
> gpg --output doc --decrypt doc.gpg
You need a passphrase to unlock the secret key for
user: "Blake (Executioner) <blake@cyb.org>"
1024-bit ELG-E key, ID 5C8CBD41, created 1999-06-04 (main key ID 9E98BC16)
Enter passphrase:
```
Documents may also be encrypted without using public-key cryptography. Instead, only a symmetric cipher is used to encrypt the document. The key used to drive the symmetric cipher is derived from a passphrase supplied when the document is encrypted, and for good security, it should not be the same passphrase that you use to protect your private key. Symmetric encryption is useful for securing documents when the passphrase does not need to be communicated to others. A document can be encrypted with a symmetric cipher by using the --symmetric option.
> gpg --output doc.gpg --symmetric doc
Enter passphrase:
```bash
> gpg --output doc.gpg --symmetric doc
Enter passphrase:
```