I use multiple Mac workstations to manage all my systems and services (AWS infrastructure, Kubernetes), so it is a challenge to manage the keys and credentials needed to access those systems. YADM (Yet Another Dotfiles Manager) does a great job of managing these files and storing them in a git repository, but I wasn't comfortable hosting that repository on a public-facing service (GitHub or GitLab), so I took advantage of Keybase's private encrypted git repo feature.
> brew install yadm
> yadm init
> yadm add <important file>
> yadm commit
> yadm remote add origin <url> # See Use Keybase below to avoid public git repos
> yadm push -u origin master

YADM has a means to handle sensitive information (SSH keys, AWS credentials):
> vim $HOME/.yadm/encrypt
Add the list of sensitive file locations, one pattern per line:

.ssh/*.key
.ssh/*.pem
.ssh/*_rsa
.kube/*
.aws/*
.m2/settings.xml

Continue with YADM's encryption process:

> yadm encrypt # set password. This creates a file $HOME/.yadm/files.gpg
> yadm add .yadm/encrypt
> yadm add .yadm/files.gpg
> yadm commit
> yadm push -u origin master
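A file that matches one of the encrypt patterns can still end up tracked in plaintext if it was ever added with `yadm add`. The check below is an added example, not part of the original post: the function name `find_plaintext_leaks` and the sample data are made up for illustration, and treating `#` lines in the pattern file as comments is an assumption.

```shell
#!/bin/sh
# Report tracked paths that match a pattern from yadm's encrypt list.
#   $1: pattern file, one glob per line (same layout as $HOME/.yadm/encrypt)
#   $2: file listing tracked paths, one per line, relative to $HOME
#       (for example, saved output of `yadm list -a`)
# Prints each offending path; returns 1 if any were found, 0 otherwise.
find_plaintext_leaks() {
    patterns_file=$1
    tracked_file=$2
    leaks=0
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        while IFS= read -r pattern || [ -n "$pattern" ]; do
            # Skip blank lines and comments (assumption: '#' starts a comment).
            case $pattern in ''|'#'*) continue ;; esac
            # Unquoted $pattern is matched as a glob; '*' also spans '/'.
            case $path in
                $pattern)
                    printf '%s\n' "$path"
                    leaks=1
                    break
                    ;;
            esac
        done < "$patterns_file"
    done < "$tracked_file"
    [ "$leaks" -eq 0 ]
}

# Constructed sample data so the check runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '.ssh/*.key' '.ssh/*.pem' '.ssh/*_rsa' '.kube/*' '.aws/*' \
    '.m2/settings.xml' > "$demo_dir/encrypt"
printf '%s\n' '.bashrc' '.ssh/config' '.aws/credentials' '.yadm/encrypt' \
    '.yadm/files.gpg' > "$demo_dir/tracked"

# .aws/credentials is tracked in plaintext here, so the check fails.
find_plaintext_leaks "$demo_dir/encrypt" "$demo_dir/tracked" \
    || echo "plaintext secrets are tracked; untrack them before pushing"
rm -rf "$demo_dir"
```

Run it before each push; a path it reports has also been in the repository history since the commit that added it, so the credential should be rotated as well as untracked.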
Now let's set up our dotfiles on a second machine.

> brew install yadm
> yadm clone <url>
# The clone command will attempt to merge your existing repository, but if it fails, it will stash any conflicting data. See this question in the FAQ if you need help.
> yadm status