by woodruffw 435 days ago
The more general version of this is probably sops[1].

(A general problem with these kinds of “wrap GPG” tools is that you end up with “mystery meat” encryption/signatures: your tool’s security margin is at the mercy of GPG’s opaque and historically not very good defaults.)

[1]: https://github.com/getsops/sops


This is 13 lines of Bash plus GPG which is available ~everywhere and a pretty lowish level Linux dependency. SOPS is +20KLOC of Go with support for cloud KMS etc etc. I think you got your mystery meat analogy backwards.
The mystery meat in question is GPG, not sops or this.

(I also wouldn’t call GPG a low level dependency.)

Lowish, meaning that if you run a Linux desktop environment with a mild amount of software installed, it's likely pulled in already.
I’ve used a Linux desktop for my entire adult life, and I’m pretty sure GPG has never been bundled directly with my environment. I used to install it directly, but I haven’t needed that in years either since everything I needed GPG for (= git) supports SSH signing instead.
So is Perl; that doesn't make it a good argument to still use it, for the same reasons.
Perl is horrible, but for one-liners it's strictly less horrible than either sed or awk, which people still use because they are less horrible than pure Bourne shell for some common tasks.
The GPG man page is long. But to be fair, GPG, which I have used for decades, has never failed me.
I didn't know about sops, thanks for sharing!

Encrypting YAML files' values may be handy for another project - will take note of it.