I had a task to move all our encrypted kubernetes secrets that we had stored encrypted on github to Keybase new encrypted git repositories. It would make it much easier to edit the secrets and still not have them stored unencrypted at another companies server.
The difficult part of this command is to dump the files to the same filename as the key has as name.
xargs can run a command per item it gets piped, but you can’t append
> to write the output to individual files as it is the output of the whole
xargs command. Therefore you have to use
sh to start a new shell and give the secret name as argument to that shell so that you can use it as $1 to get the correct escaping for the filename.
You can read more about Keybase awesome encrypted git repositories https://keybase.io/blog/encrypted-git-for-everyone