safe is a command line tool for interacting with encrypted files. It provides a configuration file for tracking files and recipients.
safe uses gpg v1 to encrypt files. safe provides both a CLI and go library for managing and interacting with protected files
In order to get started with safe, a safe.yml file must be created within a repository:
To create a file or edit a previously encrypted file:
$ safe edit foo.mdTo encrypt and track a previously unencrypted file, safe provides protect:
$ safe protect foo.mdThe safe CLI will add this file to it's list of tracked files, encrypt it and delete the original.
safe provides a way to export secrets from a protected yaml file into an environment.
Given the safe protected file: config.yml with the contents:
---
key: valueWhen safe exec is run with a command, the environment variable KEY=value will be exported:
$ safe exec config.yml.gpg.asc env | grep KEY
KEY=valueTo reencrypt one or all tracked files with the current list of recipients, safe provides a reencrypt command.
$ safe reencrypt -all