Agent skill
sops-decrypt
Decrypt SOPS-encrypted YAML files back to .env format. Finds *.enc.yaml files, decrypts, and converts YAML back to dotenv. Use when user mentions "decrypt env", "sops decrypt", "decrypt secrets", "restore env", "decrypt .env", "restore secrets", "decrypt environment files".
Install this agent skill to your Project
npx add-skill https://github.com/joaquimscosta/arkhe-claude-plugins/tree/main/plugins/devtools/skills/sops-decrypt
SKILL.md
SOPS Decrypt
Decrypt .enc.yaml files back to their plaintext .env originals.
Workflow
1. Detect current state:

   ```bash
   python3 ${CLAUDE_SKILL_DIR}/../sops-setup/scripts/detect_sops.py <project-root>
   ```

2. Verify prerequisites:
   - `tools.sops.installed` must be true — if not, tell user to install: `brew install sops` (macOS) or download binary (Linux)
   - `age_key.exists` must be true — if not, guide user to place their age private key at the expected path, or set `SOPS_AGE_KEY_FILE` env var

3. Show encrypted files from `project.encrypted_files`. If empty, report "No encrypted files found" and exit.

4. Use `AskUserQuestion` (multiSelect: true) — which files to decrypt. For each, show the target output name (e.g., `.env.local.enc.yaml` → `.env.local`). If the target file already exists, note it will be overwritten.

5. Decrypt each selected file (decrypt YAML, then convert to dotenv):

   ```bash
   sops --decrypt <file>.enc.yaml > <file>.dec.yaml.tmp
   python3 ${CLAUDE_SKILL_DIR}/../sops-setup/scripts/dotenv_yaml.py to-dotenv <file>.dec.yaml.tmp > <target-env-file>
   rm <file>.dec.yaml.tmp
   ```

   Where `<target-env-file>` is the encrypted filename with `.enc.yaml` suffix removed. Example: `.env.local.enc.yaml` → `.env.local`

6. Verify each decrypted file exists and is non-empty.

7. Summary:

   | Encrypted File | Decrypted To | Status |
   |---------------|--------------|--------|
   | .env.local.enc.yaml | .env.local | done |

   Remind user: Do NOT commit the decrypted .env files — they should be in `.gitignore`.
Key Rules
- Always check that the age private key exists before attempting decryption
- Always convert YAML→dotenv after decrypting (use the helper script)
- Warn if a decrypted file will overwrite an existing one
- Clean up `.tmp` files even if decryption fails
- After decryption, remind user that plaintext `.env` files must stay out of git
- If decryption fails with "no identity matched", the machine's key is not authorized — suggest running `/devtools:sops-add-key` on a machine that has access
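
A hardened form of the decrypt step and the cleanup and overwrite rules above, as an added example that is not part of the skill's own files. It leaves an existing target untouched unless decryption, conversion and the non-empty check all succeed, and removes the temporary plaintext on every path. The function names `to_dotenv` and `decrypt_env` and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the skill). Function names and return codes are
# assumptions; sops, mktemp and the skill's dotenv_yaml.py helper must exist.

# YAML -> dotenv via the helper invocation shown in the workflow.
to_dotenv() {
  python3 "${CLAUDE_SKILL_DIR}/../sops-setup/scripts/dotenv_yaml.py" to-dotenv "$1"
}

# decrypt_env <file>.enc.yaml
# Returns 0 ok, 1 I/O error, 2 wrong suffix, 3 decrypt failed,
# 4 conversion failed, 5 empty result.
decrypt_env() {
  enc=$1
  case "$enc" in
    *.enc.yaml) target=${enc%.enc.yaml} ;;
    *) echo "skip: $enc does not end in .enc.yaml" >&2; return 2 ;;
  esac
  # mktemp creates mode 0600 files, so plaintext is never group/world readable.
  tmp=$(mktemp "$target.dec.yaml.XXXXXX") || return 1
  out=$(mktemp "$target.new.XXXXXX") || { rm -f "$tmp"; return 1; }
  rc=0
  if ! sops --decrypt "$enc" > "$tmp"; then
    rc=3
  elif ! to_dotenv "$tmp" > "$out"; then
    rc=4
  elif [ ! -s "$out" ]; then
    rc=5
  else
    if [ -e "$target" ]; then echo "warning: overwriting $target" >&2; fi
    # Rename only after every check passed; a failed run leaves the old file.
    mv -f "$out" "$target" || rc=1
  fi
  rm -f "$tmp" "$out"   # runs on success and on every failure path
  return "$rc"
}

# Usage: sh decrypt_env.sh .env.local.enc.yaml [more.enc.yaml ...]
for f in "$@"; do
  decrypt_env "$f" || echo "failed (code $?): $f" >&2
done
```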