This simple bash script is a wrapper for SOPS encryption with a age key saved in 1password. You can directly encrypt and decrypt files without copy the public/private key onto the machine. The script uses the 1password-host integration, where you have to be logged in (see Dependencies).
⚠️ At the moment, the script only supports the in-place parameter of SOPS and will therefore encrypt/decrypt a file directly in place!
- age
- sops
- 1password cli (
op)
sops-age-op --helpKEY_PATHis the path to the key in the 1password vault in one of the following formats:op://vault/title(in this case, the defualt field name ispassword)op://vault/title/fieldop://vault/title/section/field
Encrypt a file:
./sops-age-op -e -k KEY_PATH [ FILE ]Decrypt a sops file:
./sops-age-op -d -k KEY_PATH [ FILE ]Generate a new age key and store it in the 1password vault. The type of the new item will be Password.
./sops-age-op -c -t [ TAGS ] -k KEY_PATH