相关链接
https://github.com/jkroepke/helm-secrets
https://github.com/getsops/sops
涉及命令
# mac install gpg
brew install gpg
# 生成 gpg key
export KEY_NAME="Tiexin Guo"
export KEY_COMMENT="test key for sops"
gpg --batch --full-generate-key <<EOF
%no-protection
Key-Type: 1
Key-Length: 4096
Subkey-Type: 1
Subkey-Length: 4096
Expire-Date: 0
Name-Comment: ${KEY_COMMENT}
Name-Real: ${KEY_NAME}
EOF
# 查看当前的 key 和 fingerprint
gpg --list-keys
# 导出对应的私钥
gpg --armor --export-secret-keys 02EEB8B179402CC9
# 导入对应的私钥
gpg --import tests/assets/gpg/private.gpg
# 配置 sops,这里填写 fingerprint 就行了
cat .sops.yaml
creation_rules:
- pgp: >-
27F6DF4D5357644D3D881CC602EEB8B179402CC9
# helm secrets 加密和解密
helm secrets encrypt c.yaml.dec > c.yaml
helm secrets decrypt c.yaml
FAQ
期间遇到了加密解密的问题,应该是 gpg 客户端版本问题,低版本客户端加密的,高版本客户端能解密,高版本客户端加密的,低版本客户端解密不了
标签:加密,secrets,gpg,解密,helm,客户端 From: https://www.cnblogs.com/WisWang/p/17922762.html