As part of our managed ops services we often need to share sensitive information such as passwords and keys with customers. GPG is commonly used for this kind of thing, but if our customers aren’t already used to PGP it’s a bit of a pain - particularly with all the key swapping, signing and trust settings you often need to manage.
However, most of our customers already have an SSH keypair that they use to access their Brightbox servers, and if we’re managing their servers we already know their public keys. Can we use a customer’s SSH keys to encrypt messages for them? Yes we can! And a tool called age makes this easy - much easier than GPG.
First, install age. It’s available natively for most modern Linux distros, BSDs, Windows and macOS so it should only take a minute.
Then, to encrypt a message with an SSH public key, run age with the --recipients-file argument (and use CTRL+D to finish the message, of course):