yaml-crypt
Advanced tools
Command line utility to encrypt and decrypt YAML documents.
The package is available on the npm registry, so just run
$ yarn global add yaml-crypt
$ yaml-crypt --help
You can also install the package locally:
$ mkdir yaml-crypt && cd yaml-crypt
$ yarn init --yes
$ yarn add yaml-crypt
$ ./node_modules/.bin/yaml-crypt --help
First you will need to generate a key file. Currently, both Fernet and Branca encryption schemes are supported, so you will need a key with exactly 32 bytes. The easiest way is to use the pwgen command:
$ pwgen 32 1 > my-key
Another way would be to use the urandom device file:
$ cat /dev/urandom | LC_ALL=C tr -dc A-Za-z0-9 | head -c 32 > my-key
To encrypt all values in a YAML file, run
$ yaml-crypt -k my-key my-file.yaml
This will generate the file my-file.yaml-crypt, while leaving my-file.yaml intact.
If you want to delete the original file after encryption, use the --rm option.
Files will be deleted using unlink. If this does not meet your security needs, consider removing the file manually instead!
The operation will be performed based on the file extension, so to decrypt a file, just use
$ yaml-crypt -k my-key my-file.yaml-crypt
You can also encrypt only certain parts of a file. Given the following YAML file
apiVersion: v1
kind: Secret
data:
username: user1
password: secret123
you can use --path data to only encrypt the values user1 and secret123.
Kubernetes secrets are Base64 encoded, so you should use the --base64 option.
It is also possible to directly open encrypted files in an editor, decrypting them before opening and encrypting again when saving:
$ yaml-crypt -E my-file.yaml-crypt
The yaml-crypt command looks in ~/.yaml-crypt for a file config.yaml or config.yml.
Currently, only the keys property is supported. These keys will be used when no key
files are given on the command line:
$ cat ~/.yaml-crypt/config.yaml
keys:
- file: /home/user/.my-key-file
- key: my-raw-key-data
- key: !!binary my-base64-key-data
$ yaml-crypt my-file.yaml
All whitespaces at the beginning and end of keys will be removed when reading keys.
The yaml-crypt tool is licensed under the MIT License
FAQs
Encrypt and decrypt YAML documents
The npm package yaml-crypt receives a total of 0 weekly downloads. As such, yaml-crypt popularity was classified as not popular.
We found that yaml-crypt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.