Encrypt Wallet to Namespace Key

Procedure for importing an arbitrary secret (raw key, mnemonic, state secrets) into a Namespace.

Requirements

Procedure

  1. Access the machine that holds the secret to be encrypted

    • If the secret is not on a computer, but on a hardware wallet or otherwise, perform the steps on an air-gapped machine
  2. Encrypt the secret to the certificate:

    • sq encrypt --without-signature --for-file <certificate> <file_to_encrypt> --output encrypted.asc
  3. Once encrypted, name the file appropriately and add it to an artifacts/ directory in the appropriate namespace subdirectory in the vaults repository

  4. Connect the SD card to an online Linux workstation

  5. Look for your SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1).

    • Mount the device using: sudo mount /dev/<your_device> /media
  6. If the ~/vaults/ repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it using sudo rm -rf ~/vaults before re-running the previous step

  7. Copy the repository with updated files to an online Linux workstation, sign, commit and push to the vaults repository:

    $ cp -r /media/vaults ~/vaults/
    $ cd ~/vaults
    $ git add .
    $ git commit -S -m "<message>"
    $ git push origin HEAD
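
A check to run between steps 3 and 7, added here as an example and not part of the original procedure: it confirms that every file in an artifacts/ directory is structurally one ASCII-armored OpenPGP message, so a plaintext secret or a key block is caught before git add. The function names are hypothetical, and it assumes each artifact is armored output like the encrypted.asc produced in step 2.

```shell
#!/bin/sh
# Added example (not from the original procedure): structural check that a
# file is one ASCII-armored OpenPGP message before it is committed.
# Assumption: artifacts are armored encryption output, one message per file.
# It does not prove the file decrypts or which certificate it was encrypted to.

# is_armored_message FILE: exit 0 only if FILE is a single armored PGP MESSAGE.
is_armored_message() {
    file=$1
    [ -f "$file" ] && [ -s "$file" ] || return 1
    # Normalise CRLF, then require exactly one armor block in the file.
    [ "$(tr -d '\r' < "$file" | grep -c '^-----BEGIN PGP ')" -eq 1 ] || return 1
    tr -d '\r' < "$file" | awk '
        NR == 1 { if ($0 != "-----BEGIN PGP MESSAGE-----") bad = 1; next }
        $0 == "-----END PGP MESSAGE-----" { ended = 1; next }
        ended { if ($0 !~ /^[ \t]*$/) bad = 1; next }   # nothing after END
        !body {
            if ($0 == "") { body = 1 }                  # blank line ends headers
            else if ($0 !~ /^[A-Za-z]+: /) { bad = 1 }  # only "Key: value" headers
            next
        }
        $0 !~ /^[A-Za-z0-9+\/=]+$/ { bad = 1 }          # base64 body and CRC only
        END { exit (bad || !ended || !body) }
    '
}

# check_artifacts DIR: report every regular file in DIR that fails the check.
check_artifacts() {
    dir=$1
    failed=0
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        if ! is_armored_message "$path"; then
            echo "not an armored PGP message: $path" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Usage: check_artifacts <path to the namespace artifacts directory> && git add .
```

A non-zero exit means at least one file should be inspected before anything is staged.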