Secrets Infrastructure

Overview

A multi-layer encryption ecosystem combining Age, gocryptfs, LUKS, gopass, and post-quantum SSH with YubiKey hardware security.

Figure 1. Secrets Infrastructure Architecture

Key Features

Feature                      Description
5 Encryption Technologies    Age, gocryptfs, LUKS2, GPG, SSH-PQ
9 Custom Tools               dsec, age-edit, vault-manager, and more
4 Encrypted Vaults           credentials, work-sensitive, network-configs, personal
Post-Quantum SSH             ML-KEM-768 + sntrup761 hybrid key exchange
Hardware Security            YubiKey FIDO2 resident keys

Storage Tiers

Figure 2. Storage Tiers

Quick Start

# Load ISE lab credentials
eval "$(dsec source d000 dev/network)"

# Run automation
python3 query_endpoints.py

# Clear when done
eval "$(dsec unsource)"

Document Structure

  • Architecture: System design, encryption layers, security model

  • Tools: dsec CLI, vault manager, LUKS scripts

  • SSH Deployment: Key inventory, SSH config, YubiKey setup

  • Operations: Daily workflows, backup and recovery

  • Quick Reference: Command cheat sheet