openssl enc: Symmetric Encryption in Scripts
openssl enc encrypts or decrypts a file with a password-derived symmetric key.
A common pattern is encrypting a secrets bundle into the repo and decrypting it in CI with a key from the environment. Use a modern KDF.
What it does
openssl enc applies a symmetric cipher such as AES-256-CBC, deriving the key from a password with a KDF. -d decrypts. Modern usage pairs -pbkdf2 with -salt so the derivation is sound.
Common usage
openssl enc -aes-256-cbc -pbkdf2 -salt \
-in secrets.env -out secrets.enc -pass pass:"$KEY"
openssl enc -aes-256-cbc -pbkdf2 -d \
-in secrets.enc -out secrets.env -pass pass:"$KEY"Options
| Flag | What it does |
|---|---|
| -aes-256-cbc | Cipher to use |
| -pbkdf2 | Use PBKDF2 for key derivation (recommended) |
| -salt | Add a random salt (default on; -nosalt disables) |
| -d | Decrypt instead of encrypt |
| -pass pass:<x> / -pass env:VAR | Supply the password non-interactively |
| -iter <n> | PBKDF2 iteration count |
In CI
OpenSSL 1.1.0+ warns and historically defaulted to a weak MD5-based KDF without -pbkdf2; files encrypted with one set of options must be decrypted with the same options. Encrypt and decrypt with identical -pbkdf2/-iter flags or decryption fails.
Common errors in CI
"bad decrypt" with "error:...:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt" means the wrong password or mismatched KDF flags between encrypt and decrypt. "hex string is too short" means a bad -K/-iv. On 3.x, a file encrypted with an old default cipher may need -provider legacy.