chore: add encryption tools

.devfiles/justfile

@@ -0,0 +1,32 @@
+set dotenv-load := true
+
+export AGEBOX_DEBUG := "0"
+export AGEBOX_PUBLIC_KEYS := source_dir() + "/public_keys.txt"
+
+fetch-deps:
+  .devfiles/scripts/fetch_gh_release.sh "slok/agebox" "agebox-linux-amd64" "agebox"
+
+# Easy and simple file repository encryption tool based on Age.
+agebox +ARGS="--help":
+  @.devfiles/bin/agebox  {{ ARGS }}
+
+# Encrypt the provided files, relative to project root.
+encrypt +FILES: (agebox "encrypt " + FILES)
+
+# Encrypt all the tracked files.
+encrypt-all: (agebox "encrypt --all")
+
+# Decrypt the provided files, relative to project root.
+decrypt +FILES: (agebox "decrypt " + FILES)
+
+# Decrypt all the tracked files.
+decrypt-all: (agebox "decrypt --all --force")
+
+# Reencrypt all the tracked files with the new public keys.
+reencrypt: (agebox "reencrypt")
+
+# Show the content of an encrypted file to stdout.
+peek +FILES: (agebox "cat " + FILES)
+
+# Validate that all tracked files are encrypted.
+check:(agebox "validate --no-decrypt ")

.devfiles/public_keys.txt

@@ -0,0 +1,2 @@
+# anavarro
+age1gj7hj894l0a0lvu3fsndlkdkyc0da7963kcqhpfe43reflx3gafqnm058u

.devfiles/scripts/fetch_gh_release.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+basedir=".devfiles/bin"
+
+repo="$1"
+shift
+release_filename="$1"
+shift
+out_filename="$basedir/$1"
+shift
+
+curl -sSL "https://github.com/$repo/releases/latest/download/$release_filename" -o "$out_filename"
+
+chmod +x "$out_filename"