Encryption

chezmoi supports encrypting whole files with age and gpg. Encrypted files are stored in ASCII-armored format in the source directory with the encrypted_ attribute and are automatically decrypted when needed.

Add files to be encrypted with the --encrypt flag, for example:

$ chezmoi add --encrypt ~/.ssh/id_rsa

chezmoi edit will transparently decrypt the file before editing and re-encrypt it afterwards.