ReddRadar
Agent skill
sops-encrypt
Encrypt .env files using SOPS + age. Converts dotenv to YAML format (avoids SOPS bug #1435), then encrypts. Auto-detects unencrypted .env files. Use when user mentions "encrypt env", "sops encrypt", "encrypt secrets", "encrypt .env", "encrypt environment", "re-encrypt", "update encrypted".
Install this agent skill to your Project
npx add-skill https://github.com/joaquimscosta/arkhe-claude-plugins/tree/main/plugins/devtools/skills/sops-encrypt
SKILL.md
SOPS Encrypt
Encrypt .env files by converting to YAML and encrypting with SOPS + age.
Why YAML? SOPS dotenv store has a known bug (#1435) that corrupts backslash and \n sequences. The helper script converts dotenv→YAML before encryption.
Workflow
-
Detect current state:
bashpython3 ${CLAUDE_SKILL_DIR}/../sops-setup/scripts/detect_sops.py <project-root> -
Verify prerequisites:
tools.sops.installedmust be true — if not, tell user to run/devtools:sops-setupproject.sops_yaml.existsmust be true — if not, tell user to run/devtools:sops-setupage_key.existsmust be true — if not, tell user to run/devtools:sops-setup
-
Show unencrypted .env files from
project.env_files. If empty, report "No .env files found to encrypt" and exit. -
Use
AskUserQuestion(multiSelect: true) — which files to encrypt. List each.env*file. If a corresponding.enc.yamlfile already exists, note it will be overwritten. -
Encrypt each selected file (convert dotenv→YAML, then encrypt):
bashpython3 ${CLAUDE_SKILL_DIR}/../sops-setup/scripts/dotenv_yaml.py to-yaml <file> > <file>.enc.yaml.tmp sops --encrypt <file>.enc.yaml.tmp > <file>.enc.yaml rm <file>.enc.yaml.tmpExample:
.env.local→.env.local.enc.yaml -
Verify each encrypted file exists and is non-empty.
-
Summary:
| File | Encrypted To | Status | |------|-------------|--------| | .env.local | .env.local.enc.yaml | done | | .env.production | .env.production.enc.yaml | done |Remind user to commit the
.enc.yamlfiles.
Key Rules
- Always verify
.sops.yamlexists before attempting encryption - Always convert dotenv→YAML before encrypting (use the helper script)
- Warn if an
.enc.yamlfile will be overwritten - Never delete the original
.envfile — only create the.enc.yamlcopy - Clean up
.tmpfiles even if encryption fails
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
joaquimscosta/arkhe-claude-plugins
Skill Name
What this skill does. Use when user mentions "keyword1", "keyword2", or "keyword3". Keep under 1,024 characters and include specific trigger keywords.
joaquimscosta/arkhe-claude-plugins
plugin-release-checker
joaquimscosta/arkhe-claude-plugins
skill-validator
Validate skills against Anthropic best practices for frontmatter, structure, content, file organization, hooks, MCP, and security (62 rules in 8 categories). Use when creating new skills, updating existing skills, before publishing skills, reviewing skill quality, or when user mentions "validate skill", "check skill", "skill best practices", "skill review", or "lint skill".
joaquimscosta/arkhe-claude-plugins
sync-docs
Sync official Anthropic documentation and analyze impact on project components. Runs docs/reference/update-claude-docs.sh, computes diffs, and reports impacts on the skill validator, plugins, and project documentation. Use when user mentions "sync docs", "update reference docs", "refresh docs", or "check doc changes".
joaquimscosta/arkhe-claude-plugins
research-frontmatter
Enforce standard YAML frontmatter on research documents in docs/research/. Use when creating, editing, or promoting research files, when user mentions "research metadata", "research frontmatter", or "research staleness".
joaquimscosta/arkhe-claude-plugins
deep-research
Deep research on technical topics using EXA tools with intelligent two-tier caching. Use when user asks to research a topic, investigate best practices, look up information, find patterns, or explore architectures. Also invoked by /research command. Triggers: "research", "look up", "investigate", "deep dive", "find information about", "what are best practices for", "how do others implement".
Didn't find tool you were looking for?