salt-gnupg-rotate

Easily rotate gnupg encryption keys of fully or partially encrypted files. 🧂

About

This project was created to help with the rotation of secret keys on saltstack controllers. Like probably at least some of you I am bad at rotating encryption keys due to the effort and time required. This tool is meant to make that task quick and painless.

Documentation

Documentation is hosted at https://raddessi.github.io/salt-gnupg-rotate/ and prebuilt zip files of the project documentation are available for download from the Releases page.

Features

  • It’s fast! Rotate your keys in seconds

  • Encrypted blocks are updated in-place in your files, keeping surrounding context and current indentation

  • Trace level logging using --log-level trace will show you the decrypted block contents as well as the re-encrypted blocks for you to manually validate the changed before applying them

  • No changes to your data will be made unless the --write flag is given

Discussion

  • GitHub Discussions - Discussion forum hosted by GitHub; ideal for Q&A and other structured discussions