yage

command module
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 11, 2022 License: BSD-3-Clause Imports: 22 Imported by: 0

README

yage

yage is a fork of filippo.io/age/cmd/age with added YAML support.

This project contains no cryptographic logic, all of that remains in the original project.

yage encrypts YAML key values in place using YAML tag !crypto/age as marker. It only support encoding strings.

Tag / attributes

---
simpletag: !crypto/age simple value
doublequoted: !crypto/age:DoubleQuoted double quoted value
singlequoted: !crypto/age:SingleQuoted single quoted value
literal: !crypto/age:Literal literal value
flowed: !crypto/age:Flow flowed value
folded: !crypto/age:Folded folded value
notag: !crypto/age:Literal,NoTag literal untagged value # the NoTag attribute will cause yage to drop the tag when decrypting

Example

simpletag: !crypto/age simple value

$ yage -R ~/.ssh/id_ed25519.pub --yaml < simple.yaml
simpletag: !crypto/age |-
  -----BEGIN AGE ENCRYPTED FILE-----
  YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEcwQmFrQSBHdk9o
  V3dDbTRSNlVuei82RDJlRnNaMnduTWpLSkZEbVlJdmdUdDdJNjJvCkVZdDZ6cTRu
  QWplUythdERuNldlTzJMR0p2VjI3UGx2OWt4Q3VaMDZXK0kKLS0tIG9ZZTZ4K2FM
  c2VKVXlLamJndE1JaDN5SkdwTjEyR0FIeXFHTEZDZGZWSGcKclDEC1Xo41AdhLa2
  rbzwJeC4KyynjhJbOvwRlCBJV6K479LbfLSicgKjk9g=
  -----END AGE ENCRYPTED FILE-----

⚠️ YAML formatting may be modified when encrypting/decrypting in place due to limitations of the YAML library used. If you must conserve YAML formatting you'll need to encrypt it as a regular file.

Usage

Usage:
    yage (-r RECIPIENT | -R PATH)... [--armor] [-o OUTPUT] [INPUT]
    yage --passphrase [--armor] [-o OUTPUT] [INPUT]
    yage --decrypt [-i PATH]... [-o OUTPUT] [INPUT]

Options:
    -o, --output OUTPUT         Write the result to the file at path OUTPUT.
    -a, --armor                 Encrypt to a PEM encoded format.
    -p, --passphrase            Encrypt with a passphrase.
    -r, --recipient RECIPIENT   Encrypt to the specified RECIPIENT. Can be repeated.
    -R, --recipients-file PATH  Encrypt to recipients listed at PATH. Can be repeated.
    -d, --decrypt               Decrypt the input to the output.
    -i, --identity PATH         Use the identity file at PATH. Can be repeated.
        --version
    -y, --yaml                  Treat input as YAML and perform in-place encryption / decryption.
        --yaml-discard-notag    Does not honour NoTag attribute when decrypting (useful for re-keying).
        --rekey                 Decrypt the input and encrypt it with the given recipients.
                                In re-keying mode the input and output can be the same file.
                                In YAML mode it implies --yaml-discard-notag.

INPUT defaults to standard input, and OUTPUT defaults to standard output.

RECIPIENT can be an age public key generated by age-keygen ("age1...")
or an SSH public key ("ssh-ed25519 AAAA...", "ssh-rsa AAAA...").

Recipient files contain one or more recipients, one per line. Empty lines
and lines starting with "#" are ignored as comments. "-" may be used to
read recipients from standard input.

Identity files contain one or more secret keys ("AGE-SECRET-KEY-1..."),
one per line, or an SSH key. Empty lines and lines starting with "#" are
ignored as comments. Multiple key files can be provided, and any unused ones
will be ignored. "-" may be used to read identities from standard input.

Example:
    # Generate age key pair
    $ age-keygen -o key.txt
    Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p

    # Tar folder and encrypt it with yage
    $ tar cvz ~/data | yage -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age
    $ yage --decrypt -i key.txt -o data.tar.gz data.tar.gz.age

    # Encrypt YAML keys in place tagged with !crypto/age
    $ yage -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p -y config.yaml > config.yaml.age

    # Decrypt YAML file encrypted with yage
    $ yage --decrypt -i key.txt --yaml config.yaml.age

    # Re-key age encrypted YAML with all tags
    $ yage --rekey --yaml -i key.txt -R ~/.ssh/id_ed25519.pub -R ~/.ssh/id_rsa.pub -o config.yaml.age config.yaml.age

Install

From sources
$ go get -d sylr.dev/yaml
$ go get -d sylr.dev/yaml/age
$ go get sylr.dev/yage
Binaries

You can find pre-built binaries in the here.

Upstreams

sylr.dev/yage filippo.io/age sylr.dev/yaml/age/v3 sylr.dev/yaml/v3
v0.0.0 31e0d226807f a2c1da7b8f3b 5fe289210a56
v0.0.1 31e0d226807f a2c1da7b8f3b 5fe289210a56
v0.0.2 31e0d226807f a2c1da7b8f3b 5fe289210a56
v0.0.3 v1.0.0-rc.1 a2c1da7b8f3b 941109e4f08c
v0.0.4 v1.0.0-rc.1 a2c1da7b8f3b 941109e4f08c
v1.0.0 v1.0.0 ab99b234209c 941109e4f08c
v1.0.1 v1.0.0 ab99b234209c 941109e4f08c
v1.0.2 v1.0.0 ab99b234209c 941109e4f08c
next v1.0.0 ab99b234209c 941109e4f08c

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳