Mingming Ma

Unlocking Secrets: Continue ChatCraft Journey in OSD700

Alright, fresh start with the new year and a new semester! After a decent break, I'm pumped to dive back into the ChatCraft community as part of the OSD700 course. This time around, it's got a different vibe – more like an internship: we will get weekly meetings, and everyone will be stepping into the shoes of a Sheriff. I'm genuinely looking forward to what's ahead.

So, let me spill the beans on my first week: Decryption with SOPS.
Treasure

Honestly, I'm kinda into these slightly tricky tasks, like the treasure hunt. The hint dropped suggests we can snag an OpenAI key, but there's a catch – gotta decrypt it before we can actually use it.

keys:
  OPENAI_API_KEY: ENC[AES256_GCM,data:elwDiserNtn4zzZ1OgAJ89Qf4AYZzw9Zo9KuDBajNA8IzcHJqQCgI9/NXBg+k0nZYqXL,iv:wpafefzHC27e2AzJkk0dMtBAsgzg2DsWm76avteHJdQ=,tag:r2s7SauoQNBY2vWxFl7AIA==,type:str]

Luckily, we got a README that shows this file is encrypted using sops and how to unlock the secrets. Nevertheless, as a first-time user of this tool, the entire procedure remains quite daunting for me. Once I had sops and ssh-to-age installed, I immediately navigated to the User section.

export SOPS_AGE_KEY=`scripts/sops_age_key.sh`

sops -d sops/keys.enc.yaml

The result, however, was a failure.

Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.

So, I attempted to uncover new leads, and in the Admin section, I noticed instructions.

fetch pub keys for all users in repo, ensure they ssh-ed25519
this script will complain if user doesn't have a key or if it's not ssh-ed25519

Although I'm unsure about the decryption process, it seems that I need to have an ssh-ed25519 operation.
Then, I came across this line in the fetchkeys script:

    # Fetch the SSH public keys for the user with -L
    keys=$(curl -s -L -H "$AUTH_HEADER" "https://github.com/$username.keys")

This means I have to upload my ssh-ed25519 public key to GitHub.
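
The check the README describes (a user must have a key, and it must be ssh-ed25519) can be reproduced locally on the text that `https://github.com/<username>.keys` returns. This is an added example, not ChatCraft's fetchkeys script; the function names, return codes and the sample key material are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of a github.com/<username>.keys response:
# one public key per line, no comment field. The key material is fake.
SAMPLE_KEYS='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedRsaKeyBlob
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedEd25519KeyBlob0000000000000000'

# Print "type blob" for every ssh-ed25519 entry read on stdin,
# dropping any trailing comment such as user@host.
ed25519_keys() {
    awk '$1 == "ssh-ed25519" && NF >= 2 { print $1, $2 }'
}

# check_user_keys LISTING [LOCAL_PUBKEY_LINE]
#   0  an ed25519 key is published (and equals the local key, if one is given)
#   1  the listing is empty: the user has no keys on GitHub
#   2  keys are published, but none is ssh-ed25519
#   3  an ed25519 key is published, but it is not the local key
check_user_keys() {
    local listing local_pub published local_key
    listing=$1
    local_pub=${2:-}
    [ -n "$listing" ] || return 1
    published=$(printf '%s\n' "$listing" | ed25519_keys)
    [ -n "$published" ] || return 2
    [ -n "$local_pub" ] || return 0
    # Compare key type and base64 blob only; a local .pub file carries a comment.
    local_key=$(printf '%s\n' "$local_pub" | ed25519_keys)
    [ -n "$local_key" ] || return 3
    printf '%s\n' "$published" | grep -qxF -- "$local_key" || return 3
    return 0
}

# Demo on the constructed listing above.
check_user_keys "$SAMPLE_KEYS" && echo "ed25519 key published"
```

To run it against real data, pass the output of the `curl` line above as the first argument and the contents of the local `.pub` file as the second.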

However, even after uploading, I still couldn't decrypt it. Feeling perplexed, I temporarily set it aside. It wasn't until I came across a message in the Discord group mentioning a new branch, 'taras/sops2,' that might resolve a similar issue for another student. So I checked it out. And voilà, the key was unlocked. I'm astonished that I stumbled upon the solution without solving all the puzzles!

Nevertheless, I still need to grasp the entire decryption process and the usages of parameters like -d, -i, etc. Therefore, I've decided to make sops my research topic. I'll share my insights with you in the next post. See you later!