LinuxCommandLibrary

yadm-encrypt

Encrypt files managed by yadm

TLDR

Encrypt files listed in the designated encrypt file

$ yadm encrypt

Create the necessary files and folders for encryption

$ touch [path/to/encrypt_file] && mkdir [path/to/archive_folder]

SYNOPSIS

yadm encrypt [options] file(s)
yadm decrypt [options] file(s)

PARAMETERS

-a, --askpass
    Prompt for a passphrase.

-f, --force
    Overwrite existing files.

-k, --keep
    Keep original file after encryption/decryption.

-q, --quiet
    Suppress output.

DESCRIPTION

The `yadm-encrypt` command, typically not a standalone utility but rather integrated within the `yadm` (Yet Another Dotfiles Manager) ecosystem, facilitates the encryption and decryption of files managed by yadm. Its primary purpose is to securely store sensitive configuration data, like API keys or passwords, within your dotfiles repository without exposing the plaintext values. When used, it encrypts files before they are committed to the repository and automatically decrypts them when the repository is cloned or checked out on a new machine. This is typically handled automatically by `yadm`, requiring manual invocation of `yadm-encrypt` only under specific edge cases or debugging scenarios. The underlying encryption mechanism often relies on GPG (GNU Privacy Guard) or similar cryptographic tools. The command handles secure backup and configuration management on new machines.

Important: Without the proper GPG keys/setup on a machine, yadm will not be able to decrypt the encrypted files, causing potential issues.

CAVEATS

Requires proper GPG setup and key management. Without the correct keys, decryption will fail, rendering the encrypted files useless.

USAGE CONSIDERATIONS

While `yadm-encrypt` helps secure sensitive data, it's crucial to understand that it doesn't provide perfect security. Consider factors like key management practices and the overall security of the system where the keys are stored. Using a strong passphrase for GPG keys is highly recommended. Proper key rotation and secure storage are vital for protecting the encrypted data.
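
Encryption only protects a secret if its plaintext copy is not also tracked in the repository. The following added example (not part of yadm or of the original page) reports tracked paths that match a pattern in the encrypt file. The encrypt-file format it handles (one glob per line, `#` comments, `!` exclusions) and the names `find_plaintext_leaks` and `run_sample` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not yadm code). Assumed encrypt-file format: one glob per
# line, '#' starts a comment, a leading '!' marks an exclusion.
# Simplification: `case` globbing lets '*' match '/', so this may over-report
# compared with filesystem globbing, which is the safe direction for a check.

# find_plaintext_leaks ENCRYPT_FILE TRACKED_LIST
# Prints each tracked path that matches an include pattern and no exclusion.
find_plaintext_leaks() {
    encrypt_file=$1
    tracked_list=$2   # one path per line, e.g. saved output of `yadm list -a`
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        included=0; excluded=0
        while IFS= read -r pat || [ -n "$pat" ]; do
            case $pat in
                ''|'#'*) continue ;;
                '!'*) excl=${pat#?}
                      case $path in $excl) excluded=1 ;; esac ;;
                *)    case $path in $pat) included=1 ;; esac ;;
            esac
        done < "$encrypt_file"
        if [ "$included" -eq 1 ] && [ "$excluded" -eq 0 ]; then
            printf '%s\n' "$path"
        fi
    done < "$tracked_list"
}

# Constructed sample data, written to a temp dir so the check runs offline.
run_sample() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/encrypt" <<'EOF'
# secrets that belong in the encrypted archive
.ssh/id_*
!.ssh/id_*.pub
.config/app/token
EOF
    cat > "$tmp/tracked" <<'EOF'
.bashrc
.ssh/id_ed25519
.ssh/id_ed25519.pub
.ssh/config
.config/app/token
EOF
    find_plaintext_leaks "$tmp/encrypt" "$tmp/tracked"
    rm -rf "$tmp"
}

run_sample
```

Any path the function prints is tracked in plaintext and should be removed from version control and left to the encrypted archive.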

INTEGRATION WITH YADM

Generally, you don't need to call `yadm-encrypt` directly. `yadm` handles the encryption/decryption automatically based on the configuration of your dotfiles repository and the presence of the relevant GPG keys. Check the yadm documentation for details on configuring encryption.

HISTORY

The `yadm-encrypt` command is part of the yadm dotfiles manager, which has been developed and maintained to offer a straightforward approach to managing dotfiles across multiple machines. The encryption capability became an important feature to allow users to securely store sensitive information within the dotfiles repository. The implementation details and command options might vary slightly depending on the specific yadm version.

SEE ALSO

yadm(1), gpg(1)
