schrenker/org-agecrypt
2
1
Fork 0
Code Issues Pull requests Activity
Encrypt org entries with age
15 commits 1 branch 1 tag 84 KiB
  • Emacs Lisp 94.1%
  • Nix 5.9%
Find a file
Sebastian Zawadzki d79c1437b3 add defvar for org-agenda-skip-archived-trees
2026-02-16 10:12:14 +01:00
.envrc init 2026-02-14 23:15:30 +01:00
.gitignore init 2026-02-14 23:15:30 +01:00
CHANGELOG.org documentation 2026-02-15 11:31:19 +01:00
flake.lock init 2026-02-14 23:15:30 +01:00
flake.nix init 2026-02-14 23:15:30 +01:00
LICENSE Initial commit 2026-02-14 18:31:05 +01:00
org-agecrypt.el add defvar for org-agenda-skip-archived-trees 2026-02-16 10:12:14 +01:00
README.org documentation 2026-02-15 11:31:19 +01:00

README.org

Org Agecrypt

Encrypt org-mode headers with age. This project has adapted org-crypt package that is part of GNU Emacs.

It is not very hard to find critique of GPG about it being bad or insecure. This package helps replacing GPG encryption with age.

Installation

I use elpaca with use package, adjust for your installation method.

(use-package org-agecrypt
  :ensure (org-agecrypt :type git
                        :host codeberg
                        :repo "schrenker/org-agecrypt")
  :after org
  :config
  (setopt org-agecrypt-disable-auto-save t
          org-agecrypt-encryption-keys '(
                                         "agepublickey1qwertyuiop"
                                         "agepublickey2qwertyuiop"
                                         )
          org-agecrypt-private-key-path "/path/to/private/key")

  ;; Prevent secret leakage by encrypting before saving buffer.
  (org-agecrypt-use-before-save-magic))

Customization

Functions

org-agecrypt-encrypt-entry
Encrypt entry at point with recipients from org-agecrypt-encryption-keys
org-agecrypt-encrypt-entries
Encrypt all entries in the file that have tag org-agecrypt-tag-matcher set
org-agecrypt-decrypt-entry
Decrypt entry at point with private key at org-agecrypt-private-key-path
org-agecrypt-decrypt-entries
Decrypt all entries in the file that have tag org-agecrypt-tag-matcher set
org-agecrypt-use-before-save-magic
Adds a hook that encrypts all the entries just before saving a file.

Variables

org-agecrypt-encryption-keys
Required List of age public keys (recipients) to encrypt the org header with. Age accepts multiple public keys, allowing you to decrypt with more than one key
org-agecrypt-private-key-path
Required Absolute path to a private key used to decrypt the org header
org-agecrypt-tag-matcher
(Optional) Encrypt headers with this tag. Defaults to "agecrypt"
org-agecrypt-disable-auto-save
(Optional) Control whether the auto-save-mode is disabled prior to decrypting an entry. Note that auto-save-mode may lead to leaking the secrets. Defaults to 'ask
org-agecrypt-check-key-parity
(Optional) Check whether key at org-agecrypt-private-key-path has it's corresponding public key in org-agecrypt-encryption-keys. Defaults to t

Credits

Original org-crypt
https://cgit.git.savannah.gnu.org/cgit/emacs.git/tree/lisp/org/org-crypt.el
Age
https://github.com/FiloSottile/age