Decrypt encrypted information sent to
Sometimes community representatives need to send us encrypted information - usually credentials for cloud access or an authentication system. We use age (pronounced aghe) to allow such information to be encrypted and then sent to use in a way that anyone on the team can decrypt, rather than the information be tied to a single engineer.
Before you can decrypt received messages, you need the following pre-requisites setup.
Authenticate with gcloud so sops can decrypt the private age key kept in the repository.
These are all one-time tasks, and (2) and (3) are generally required for deployments to work.
Decrypt received message#
The encrypted message looks something like
-----BEGIN AGE ENCRYPTED FILE----- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cDRlMzVzWHpWU1JIeVBj YnBqOHc5NzA3ZTZiNlljSkRDMFpyMkNUWVhBCmRBb1ltQVNPVExNK1ppbVY4OC93 OVBqUmtMQytsQkpMZkxDbXZ2R0d6ZzQKLS0tIGlGNktqWDFZMDZaYTVFTUIyNmZD dnY1aHZGMFRpb2djMmViSU5qNkJ0M1EKtRkajujtLCgCZkPRQEGanAavNj/GQc/g xQemDwYveQVheTyc9zA= -----END AGE ENCRYPTED FILE-----
Once you have the encrypted contents, you can decrypt it by:
deployer decrypt-agefrom the infrastructure repo checkout
Paste the encrypted message in your terminal
Press enter, and then
You’ll see the decrypted output!
Alternatively, you can also run
deployer decrypt-age --encrypted-file-path <path-to-encrypted-file>
if the encrypted message is stored in a file