yaml-crypt
Command line utility to encrypt and decrypt YAML documents.
The package is available on the npm registry, so just run
$ yarn add yaml-crypt
$ ./node_modules/yaml-crypt/bin/yaml-crypt.js --help
You can also install the package globally: yarn global add yaml-crypt
First you will need to generate a key file. Currently, only the Fernet encryption scheme is supported, so you will need a key with exactly 32 bytes. The easiest way is to use the pwgen command:
$ pwgen 32 1 > my-key
Another way would be to use the urandom device file:
$ cat /dev/urandom | LC_ALL=C tr -dc A-Za-z0-9 | head -c 32 > my-key
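Why the key must be exactly 32 bytes: the Fernet spec splits it into a 16-byte HMAC-SHA256 signing key and a 16-byte AES-128-CBC encryption key, and a token is only decrypted after its HMAC verifies. The sketch below is an added example built on Node's crypto module, not yaml-crypt's own code; it assumes the 32 bytes are used directly as key material (how yaml-crypt maps the key file to a Fernet key is not stated on this page), and all function names are illustrative.

```javascript
// Added example: minimal Fernet (token version 0x80) on Node's built-in crypto.
// TTL/expiry checking from the spec is left out to keep the focus on the key.
const crypto = require('node:crypto');

// Assumption: the 32 bytes from the key file are used directly as key material.
function splitKey(key) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new Error('Fernet key must be exactly 32 bytes');
  }
  // First half authenticates (HMAC-SHA256), second half encrypts (AES-128-CBC).
  return { signingKey: key.subarray(0, 16), encryptionKey: key.subarray(16) };
}

const sign = (signingKey, body) =>
  crypto.createHmac('sha256', signingKey).update(body).digest();

// Fernet tokens are padded base64url; Node's 'base64url' encoder drops the padding.
const b64url = (buf) => buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_');

function fernetEncrypt(key, plaintext, iv = crypto.randomBytes(16), now = Date.now()) {
  const { signingKey, encryptionKey } = splitKey(key);
  const header = Buffer.alloc(9);
  header.writeUInt8(0x80, 0); // version
  header.writeBigUInt64BE(BigInt(Math.floor(now / 1000)), 1); // timestamp, seconds
  const cipher = crypto.createCipheriv('aes-128-cbc', encryptionKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const body = Buffer.concat([header, iv, ct]);
  return b64url(Buffer.concat([body, sign(signingKey, body)]));
}

function fernetDecrypt(key, token) {
  const { signingKey, encryptionKey } = splitKey(key);
  const raw = Buffer.from(token, 'base64url');
  // 1 version + 8 timestamp + 16 IV + at least one 16-byte block + 32 HMAC
  if (raw.length < 73 || raw[0] !== 0x80) throw new Error('malformed token');
  const body = raw.subarray(0, raw.length - 32);
  // Verify the HMAC in constant time before touching the ciphertext.
  if (!crypto.timingSafeEqual(raw.subarray(raw.length - 32), sign(signingKey, body))) {
    throw new Error('invalid token: HMAC mismatch');
  }
  const decipher = crypto.createDecipheriv('aes-128-cbc', encryptionKey, body.subarray(9, 25));
  return Buffer.concat([decipher.update(body.subarray(25)), decipher.final()]).toString('utf8');
}

// Constructed sample: throwaway random key and a made-up value.
const demoKey = crypto.randomBytes(32);
const demoToken = fernetEncrypt(demoKey, 'secret123');
console.log(demoToken, '->', fernetDecrypt(demoKey, demoToken));
```

A key of any other length is rejected before any cryptographic operation, and a token modified in any byte fails the HMAC check rather than being decrypted.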
To encrypt all values in a YAML file, run
$ yaml-crypt -k my-key my-file.yaml
This will generate the file my-file.yaml-crypt, while leaving my-file.yaml intact.
If you want to delete the original file after encryption, use the --rm option.
Files will be deleted using unlink. If this does not meet your security needs, consider removing the file manually instead!
The operation will be performed based on the file extension, so to decrypt a file, just use
$ yaml-crypt -k my-key my-file.yaml-crypt
You can also encrypt only certain parts of a file. Given the following YAML file
apiVersion: v1
kind: Secret
data:
  username: user1
  password: secret123
you can use --path data to only encrypt the values user1 and secret123.
It is also possible to directly open encrypted files in an editor, decrypting them before opening and encrypting again when saving:
$ yaml-crypt -E my-file.yaml-crypt
The yaml-crypt command looks in ~/.yaml-crypt for a file config.yaml or config.yml.
Currently, only the defaultKeyFile property is supported. This key file will be used when no key files are given on the command line:
$ cat ~/.yaml-crypt/config.yaml
defaultKeyFile: /home/user/.my-key
$ yaml-crypt my-file.yaml
The yaml-crypt tool is licensed under the MIT License.
FAQs
Encrypt and decrypt YAML documents
The npm package yaml-crypt receives a total of 4 weekly downloads. As such, yaml-crypt popularity was classified as not popular.
We found that yaml-crypt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.