library("lockbox")
# Generate a key pair
key <- key_generate("private.key")
# Create new encrypted lockbox file (auto-detects format)
secrets <- list(
API_KEY = "your-api-key-here",
DATABASE_URL = "postgresql://user:pass@host:5432/db"
)
secrets_encrypt(
lockbox = "lockbox.yaml",
secrets = secrets,
public = key
)
# Update existing lockbox file (auto-detects format)
secrets_encrypt(
lockbox = "lockbox.yaml",
secrets = list(API_KEY = "a-new-api-key"),
private = "private.key"
)Encrypt secrets using automatic format detection
Description
Creates or updates a lockbox file with encrypted secrets. Automatically detects whether to use SOPS or the simpler lockbox format based on file contents and available parameters. For new files, uses SOPS if external tools are available, otherwise uses the lockbox format.
Usage
secrets_encrypt(
lockbox = NULL,
secrets = NULL,
public = NULL,
private = NULL,
sops = FALSE
)
Arguments
lockbox
|
Character string, path to the encrypted file to create/update |
secrets
|
Named list of secrets to encrypt (keys become variable names) |
public
|
Character vector of age public keys (required for new files) |
private
|
Character string, path to private key file (required for updates, can be password-protected age file) |
sops
|
Logical, whether to use SOPS format. Defaults to FALSE (use built-in lockbox format). |
Value
Invisible NULL