Decrypt encrypted information sent to support@2i2c.org
#
Sometimes community representatives need to send us encrypted information - usually credentials for cloud access or an authentication system. We use age (pronounced aghe) to allow such information to be encrypted and then sent to use in a way that anyone on the team can decrypt, rather than the information be tied to a single engineer.
Pre-requisites#
Before you can decrypt received messages, you need the following pre-requisites setup.
Authenticate with gcloud so sops can decrypt the private age key kept in the repository.
These are all one-time tasks, and (2) and (3) are generally required for deployments to work.
Decrypt received message#
The encrypted message looks something like
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cDRlMzVzWHpWU1JIeVBj
YnBqOHc5NzA3ZTZiNlljSkRDMFpyMkNUWVhBCmRBb1ltQVNPVExNK1ppbVY4OC93
OVBqUmtMQytsQkpMZkxDbXZ2R0d6ZzQKLS0tIGlGNktqWDFZMDZaYTVFTUIyNmZD
dnY1aHZGMFRpb2djMmViSU5qNkJ0M1EKtRkajujtLCgCZkPRQEGanAavNj/GQc/g
xQemDwYveQVheTyc9zA=
-----END AGE ENCRYPTED FILE-----
Once you have the encrypted contents, you can decrypt it by:
Run
deployer decrypt-age
from the infrastructure repo checkoutPaste the encrypted message in your terminal
Press enter, and then
Ctrl+D
You’ll see the decrypted output!
Alternatively, you can also run deployer decrypt-age --encrypted-file-path <path-to-encrypted-file>
if the encrypted message is stored in a file