Skill

sops-encrypt

Install

Install the plugin

npx claudepluginhub joaquimscosta/arkhe-claude-plugins --plugin devtools

Want just this skill?

Add to a custom plugin, then install with one command.

Description

Encrypt .env files using SOPS + age. Converts dotenv to YAML format (avoids SOPS bug #1435), then encrypts. Auto-detects unencrypted .env files. Use when user mentions "encrypt env", "sops encrypt", "encrypt secrets", "encrypt .env", "encrypt environment", "re-encrypt", "update encrypted".

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

SOPS Encrypt

Encrypt .env files by converting to YAML and encrypting with SOPS + age.

Why YAML? SOPS dotenv store has a known bug (#1435) that corrupts backslash and \n sequences. The helper script converts dotenv→YAML before encryption.

Workflow

Detect current state:

python3 ${CLAUDE_SKILL_DIR}/../sops-setup/scripts/detect_sops.py <project-root>

Verify prerequisites:
- tools.sops.installed must be true — if not, tell user to run /devtools:sops-setup
- project.sops_yaml.exists must be true — if not, tell user to run /devtools:sops-setup
- age_key.exists must be true — if not, tell user to run /devtools:sops-setup
Show unencrypted .env files from project.env_files. If empty, report "No .env files found to encrypt" and exit.
Use AskUserQuestion (multiSelect: true) — which files to encrypt. List each .env* file. If a corresponding .enc.yaml file already exists, note it will be overwritten.

Encrypt each selected file (convert dotenv→YAML, then encrypt):

python3 ${CLAUDE_SKILL_DIR}/../sops-setup/scripts/dotenv_yaml.py to-yaml <file> > <file>.enc.yaml.tmp
sops --encrypt <file>.enc.yaml.tmp > <file>.enc.yaml
rm <file>.enc.yaml.tmp

Example: .env.local → .env.local.enc.yaml

Verify each encrypted file exists and is non-empty.

Summary:

| File | Encrypted To | Status |
|------|-------------|--------|
| .env.local | .env.local.enc.yaml | done |
| .env.production | .env.production.enc.yaml | done |

Remind user to commit the .enc.yaml files.

Key Rules

Always verify .sops.yaml exists before attempting encryption
Always convert dotenv→YAML before encrypting (use the helper script)
Warn if an .enc.yaml file will be overwritten
Never delete the original .env file — only create the .enc.yaml copy
Clean up .tmp files even if encryption fails

Links

Stats

Stars9

Forks1

Last CommitMar 21, 2026

Actions

Similar Skills

prompt-lookup

Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.

153.8k

skill-lookup

Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.

153.8k

brand-guidelines

1 file

Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.

99.3k