This document contains the help content for the yage command-line program.
Command Overview:
yage↴yage check↴yage decrypt↴yage edit↴yage encrypt↴yage env↴yage keygen↴yage pubkey↴yage recipients↴yage re-encrypt↴
A simple tool to manage encrypted secrets in YAML files with age encryption
Usage: yage [OPTIONS] [COMMAND]
check— Check the encryption status of a YAML filedecrypt— Decrypt the values in a YAML fileedit— Edit an encrypted YAML fileencrypt— Encrypt the values in a YAML fileenv— Execute a command with the environment from the encrypted YAML filekeygen— Generate a new age keypubkey— Convert private age keys to their public keyrecipients— List the recipients of the encrypted datare-encrypt— Re-encrypt the values in a YAML file
-
--completion <SHELL>— Generate the completion code for this shellPossible values:
bash,elvish,fish,powershell,zsh -
-v,--verbose— Increase logging verbosity -
-q,--quiet— Decrease logging verbosity
Check the encryption status of a YAML file
Usage: yage check [FILES]...
<FILES>— The YAML files to check
Decrypt the values in a YAML file
Usage: yage decrypt [OPTIONS] [FILES]...
<FILES>— The YAML files to decrypt
-
-i,--in-place— Decrypt in placePossible values:
true,false -
-k,--key <KEY>— Decrypt with the specified key -
-K,--key-file <FILE>— Decrypt with the key in the file -
-o,--output <FILE>— The output path to the decrypted YAML fileDefault value:
-
Edit an encrypted YAML file
The file is decrypted with the specified keys and open in a text editor. The user can edit the file and save it. The values are then encrypted with the same keys and the recipients, and saved in the original file.
The YAML file may contain some unencrypted values, and some encrypted values. The encrypted values are decrypted before the edition and all the values are encrypted after the edition.
Only the modified values are encrypted, the other values are left unchanged.
Usage: yage edit [OPTIONS] <FILE>
<FILE>— The encrypted YAML file to edit
-
-e,--editor <EDITOR>— The editor command to useDefault value:
vim -
-k,--key <KEY>— Decrypt with the specified key -
-K,--key-file <FILE>— Decrypt with the key at in this file
Encrypt the values in a YAML file
Only the values are encrypted, the keys are left in clear.
The values are encrypted with the recipients' public keys in the age format, converted in base64 and surrounded by yage[…] markers.
This command is able to encrypt some new values in a file that already contains encrypted values. The encrypted values are detected thanks to the yage[…] markers and left unchanged.
Usage: yage encrypt [OPTIONS] [FILES]...
<FILES>— The YAML files to encrypt
-
-i,--in-place— Encrypt in placePossible values:
true,false -
-r,--recipient <RECIPIENT>— Encrypt to the specified recipients -
-R,--recipient-file <FILE>— Encrypt to recipients listed at PATH -
-o,--output <FILE>— The output path to the encrypted YAML fileDefault value:
-
Execute a command with the environment from the encrypted YAML file
The YAML file must contain a map with string keys and values. The keys are the environment variable names, and the values are the environment variable values. Other more complex YAML structures are not supported.
Usage: yage env [OPTIONS] <FILE> <COMMAND> [ARGS]...
<FILE>— The YAML file to decrypt<COMMAND>— The command to run<ARGS>— The command arguments
-
-i,--ignore-environment— Start with an empty environmentDefault value:
falsePossible values:
true,false -
-k,--key <KEY>— Decrypt with the specified key -
-K,--key-file <FILE>— Decrypt with the key at PATH
Generate a new age key
The public part of the key is logged to the standard error output. It may be computed from the private key with the pubkey command.
The key is written in the age format, which is compatible with the age tool.
Usage: yage keygen [OPTIONS]
-
-o,--output <FILE>— The output path to the private key fileDefault value:
- -
-p,--public <PUBLIC>— The output path to the public key file
Convert private age keys to their public key
The input key and output public key are in the age format, which is compatible with the age tool.
Usage: yage pubkey [OPTIONS] [KEY_FILE]...
<KEY_FILE>— The private key files
-
-k,--key <KEY>— The private keys -
-o,--output <FILE>— The output path to the public key fileDefault value:
-
List the recipients of the encrypted data
Usage: yage recipients [OPTIONS] [FILES]...
<FILES>— The encrypted YAML files
-
-r,--only-recipients— Only show the recipients' public keysDefault value:
falsePossible values:
true,false -
-o,--output <FILE>— The output pathDefault value:
-
Re-encrypt the values in a YAML file
This command is similar to the encrypt command, but it first decrypts the values in the input file and re-encrypts them with the specified recipients.
It is especially useful in several cases: - to change the recipients of a file, for example when a recipient's key is compromised, or when a recipient should be added or removed from the file. - to fix a recipient inconsistency in the values of a file, for example when the file was merged from different sources with different recipients.
Usage: yage re-encrypt [OPTIONS] [FILES]...
<FILES>— The YAML files to encrypt
-
-i,--in-place— Re-encrypt in placePossible values:
true,false -
-e,--keep-recipients— Keep the recipients of the input filePossible values:
true,false -
-k,--key <KEY>— Decrypt with the specified key -
-K,--key-file <FILE>— Decrypt with the key in the file -
-r,--recipient <RECIPIENT>— Encrypt to the specified recipients -
-R,--recipient-file <FILE>— Encrypt to recipients listed at PATH -
-d,--remove-recipient <RECIPIENT>— Remove the recipient from the list of recipients -
-D,--remove-recipient-file <FILE>— Remove the recipients in the file from the list of recipients -
-o,--output <FILE>— The output path to the encrypted YAML fileDefault value:
-
This document was generated automatically by
clap-markdown.