Decrypt encrypted information sent to firstname.lastname@example.org
Decrypt encrypted information sent to
Sometimes community representatives need to send us encrypted information - usually credentials for cloud access or an authentication system. We use age (pronounced aghe) to allow such information to be encrypted and then sent to use in a way that anyone on the team can decrypt, rather than the information be tied to a single engineer.
Before you can decrypt received messages, you need the following pre-requisites setup.
Authenticate with gcloud so sops can decrypt the private age key kept in the repository.
These are all one-time tasks, and (2) and (3) are generally required for deployments to work.
Decrypt received message#
The encrypted message looks something like
-----BEGIN AGE ENCRYPTED FILE----- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cDRlMzVzWHpWU1JIeVBj YnBqOHc5NzA3ZTZiNlljSkRDMFpyMkNUWVhBCmRBb1ltQVNPVExNK1ppbVY4OC93 OVBqUmtMQytsQkpMZkxDbXZ2R0d6ZzQKLS0tIGlGNktqWDFZMDZaYTVFTUIyNmZD dnY1aHZGMFRpb2djMmViSU5qNkJ0M1EKtRkajujtLCgCZkPRQEGanAavNj/GQc/g xQemDwYveQVheTyc9zA= -----END AGE ENCRYPTED FILE-----
Once you have the encrypted contents, you can decrypt it by:
./shared/keys/decrypt-age.pyfrom the infrastructure repo checkout
Paste the encrypted message in your terminal
Press enter, and then
You’ll see the decrypted output!
Alternatively, you can also run
if the encrypted message is stored in a file