Documents how to use rage for encrypting/decrypting files using SOPS.
Generate the identity (private) and recipient (public). The identity is encrypted with a password, which rage will ask for interactively.
$ rage-keygen | rage -p - > key.enc
Public key: age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j
Encrypt the text file with sops
sops -e --age age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j text-clear.yaml > secret.yaml
Uses key.enc, which was generated in the first step. This will ask for the password again, interactively.
SOPS_AGE_KEY=$(rage -d key.enc)
This will also print:
# created: 2024-03-09T16:00:50+01:00
# public key: age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j
AGE-SECRET-KEY-1MUAJZM5AEKU0VFDJLX3G8WKQ7FQXL8UNCA86USQLFPEQ2870ZX8Q3MHGAX
$ echo $SOPS_AGE_KEY
# created: 2024-03-09T16:00:50+01:00 # public key: age1lzffdzg65h3edyrwssnu388ny0vkgmswy8047j8fghas9fw4syas67rr9j AGE-SECRET-KEY-1MUAJZM5AEKU0VFDJLX3G8WKQ7FQXL8UNCA86USQLFPEQ2870ZX8Q3MHGAX
SOPS for whatever reason requires ~/.config/sops/age/keys.txt on my local Linux Mint. Setting the env variable SOPS_AGE_KEY_FILE or SOPS_AGE_KEY did not work out of the box...
$ cat ~/.config/sops/age/keys.txt
AGE-SECRET-KEY-1MUAJZM5AEKU0VFDJLX3G8WKQ7FQXL8UNCA86USQLFPEQ2870ZX8Q3MHGAX
# Now decrypt secret file - works
sops -d secret.yaml > clear2.yaml
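
Added example, not part of the original notes: the assignment SOPS_AGE_KEY=$(rage -d key.enc) above sets a shell variable without exporting it, and child processes such as sops inherit only exported variables. The script below checks for that and hands the decrypted identity to a single command without writing it to disk in plaintext. DECRYPT_CMD, child_sees and with_age_key are hypothetical names, and it assumes a sops build that reads SOPS_AGE_KEY.

```shell
#!/bin/sh
# Added example, not from the original page. DECRYPT_CMD, child_sees and
# with_age_key are hypothetical names; the default DECRYPT_CMD is the
# page's `rage -d key.enc`.
: "${DECRYPT_CMD:=rage -d key.enc}"

# child_sees NAME: succeeds only if NAME is in the environment that a
# child process (such as sops) would inherit, i.e. it has been exported.
child_sees() {
    env | grep -q "^$1="
}

# with_age_key CMD [ARGS...]: decrypt the identity, keep only the
# AGE-SECRET-KEY line, and run CMD with SOPS_AGE_KEY set for that one
# process. The function body is a subshell, so nothing is written to
# disk and nothing is left behind in the calling shell.
with_age_key() (
    key=$($DECRYPT_CMD | grep '^AGE-SECRET-KEY-') || {
        echo "with_age_key: no age identity in decrypted output" >&2
        exit 1
    }
    export SOPS_AGE_KEY="$key"
    exec "$@"
)

# Usage with the page's files (assumption: sops honours SOPS_AGE_KEY):
#   with_age_key sops -d secret.yaml > clear2.yaml
# Diagnostic for the plain assignment shown on the page:
#   child_sees SOPS_AGE_KEY || echo "SOPS_AGE_KEY is not exported"
```

Because the password-protected key.enc stays the only copy on disk, this avoids keeping the secret key in plaintext in ~/.config/sops/age/keys.txt.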