I would suggest installation using pipx. This keeps belt from affecting anything else in your default pip environment.
First install pipx-
pip install pipxThen use pipx to install belt-cli-
pipx install belt-cliBy default, this will put the executable in ~/.local/bin- make sure it's in your shell$PATHorfish_user_paths.
If you don't want to use pipx then you can simply do
pip install belt-cli~/.config/belt/config.yaml
To generate an initial configuration file containing defaults and a random key, run belt init. If a configuration file exists,belt will warn you and request confirmation.
You can also give permission to overwrite existing configuration with the -o or --overwrite flag.
crypt:
env: BELT_CRYPT_KEY
key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
warned: false
dns:
server: 1.1.1.1
root: falseMake sure you back up your key, whether you store it in the config file or the environment. A password manager is an excellent choice for this.
If you use chezmoi to manage your dotfiles, add the belt config file with encryption. Though you then need to make sure you back up your chezmoi key.
Without the key, anything you encrypt with belt crypt simple encrypt will be unrecoverable.
Encryption is performed using ChaCha20Poly1305 AEAD combined with a 64-bit BLAKE2b hash. Keys and encrypted data are Base85 encoded with the Bitcoin alphabet for compatibility, which uses only alphanumeric characters. Key and data integrity are checked at multiple stages.
The cryptographic implementation in belt does not split input into blocks. This makes it entirely unsuitable for encrypting files or anything larger than around 100kB. It's intended for encrypting and decrypting short strings like API keys, but works fine for most configuration files too.
If you want strong symmetric encryption suitable for files, age (or the faster Rust implementation, rage) is a good choice.
