yaml-crypt
Advanced tools
Command line utility to encrypt and decrypt YAML documents.
The package is available on the npm registry, so just run
$ yarn global add yaml-crypt
$ yaml-crypt -h
You can also install the package locally:
$ mkdir yaml-crypt && cd yaml-crypt
$ yarn init --yes
$ yarn add yaml-crypt
$ ./node_modules/.bin/yaml-crypt -h
You can also use the Docker image:
$ docker run --rm autoapply/yaml-crypt -h
First you will need to generate a key file. Currently, both Fernet and Branca encryption schemes are supported.
To generate a new random key, run
$ yaml-crypt --generate-key > my-key-file
To encrypt all values in a YAML file, run
$ yaml-crypt -k my-key-file my-file.yaml
This will encrypt the file contents and rename the file to my-file.yaml-crypt.
The operation will be performed based on the file extension, so to decrypt a file, just use
$ yaml-crypt -k my-key-file my-file.yaml-crypt
To specify an explicit operation, use -e or -d for encryption or decryption.
You can also encrypt only certain parts of a file. Given the following YAML file
apiVersion: v1
kind: Secret
data:
username: user1
password: secret123
you can use --path data to only encrypt the values user1 and secret123.
Kubernetes secrets are Base64 encoded, so you should also use the
--base64(or-B) option.
It is also possible to directly open encrypted files in an editor, decrypting them before opening and encrypting again when saving:
$ yaml-crypt -E my-file.yaml-crypt
When editing, you can add new encrypted data by specifying the yaml tag <!yaml-crypt>:
unencrypted:
hello: world
encrypted:
key1: !<!yaml-crypt/:0> secret-key-1
# add the following line to add a new encrypted entry "key2" to the file,
# which will be encrypted in the yaml-crypt file:
key2: !<!yaml-crypt> secret123
The yaml-crypt command looks in ~/.yaml-crypt for a file config.yaml or config.yml.
Currently, only the keys property is supported. These keys will be used when no keys
are given on the command line:
$ cat ~/.yaml-crypt/config.yaml
keys:
- key: my-raw-key-data
- key: !!binary my-base64-key-data
$ yaml-crypt my-file.yaml
All whitespaces at the beginning and end of keys will be removed when reading keys.
The yaml-crypt tool is licensed under the MIT License
FAQs
Encrypt and decrypt YAML documents
The npm package yaml-crypt receives a total of 3 weekly downloads. As such, yaml-crypt popularity was classified as not popular.
We found that yaml-crypt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.