Encrypted Prompt Management System #
The Hinoki project uses a GPG-based encryption system to securely manage AI prompts. This system ensures that sensitive prompt data is encrypted both at rest and in transit while allowing seamless integration with the development and deployment workflows.
Overview #
The encrypted prompt management system consists of three main components:
- Source Directory: src/hinoki/prompts/secret_source/ - Contains unencrypted prompt files for local development
- Encrypted Directory: src/hinoki/prompts/secret_source_encrypted/ - Contains GPG-encrypted prompt files committed to the repository
- Automation Scripts: Tools for encrypting, decrypting, and managing prompt files
Directory Structure #
src/hinoki/prompts/
├── __init__.py
├── secret_source/              # Unencrypted prompts (local only, gitignored)
│   ├── accounting/
│   │   └── prompt.py
│   ├── classification/
│   │   └── prompt.py
│   ├── extraction/
│   │   ├── default_prompt.py
│   │   └── knowledge_prompt.py
│   ├── highlight/
│   │   └── prompt.py
│   ├── knowledge/
│   │   └── prompt.py
│   └── vendor_matching/
│       └── prompt.py
├── secret_source_encrypted/    # Encrypted prompts (committed to repo)
│   ├── accounting/
│   │   └── prompt.py.gpg
│   ├── classification/
│   │   └── prompt.py.gpg
│   ├── extraction/
│   │   ├── default_prompt.py.gpg
│   │   └── knowledge_prompt.py.gpg
│   ├── highlight/
│   │   └── prompt.py.gpg
│   ├── knowledge/
│   │   └── prompt.py.gpg
│   └── vendor_matching/
│       └── prompt.py.gpg
└── secret_source_backup/       # Backup directory (not committed)
Environment Setup #
GPG Keys Location #
GPG keys are stored in Doppler under the hinoki project:
- Project: hinoki
- Config: dev_local (for local development)
- Keys:
  - GPG_RECIPIENT: [email address]
  - GPG_SECRET_KEY: Private GPG key for decryption
Required Environment Variables #
The system requires these environment variables (automatically loaded from Doppler):
GPG_RECIPIENT=[email address]
GPG_SECRET_KEY=<private-key-from-doppler>
Development Workflow #
For Hinoki Users (General Users) #
If you have access to Hinoki, no special setup is required. Running the mise dev command will automatically decrypt prompt files and create Docker images.
For Hinoki Developers #
If you need to develop and edit Hinoki prompts, follow the setup and procedures below.
Initial Setup #
- Get and import GPG public key:
  The GPG public key is stored in 1Password. Download the appropriate public key and import it with the following command:
  gpg --import path/to/public-key.asc
- Configure Doppler:
  cd libs/python/bonsai-hinoki/hinoki
  doppler setup --project hinoki --config dev_local
Development Workflow #
1. Decrypt Prompt Files #
Before starting development, decrypt the encrypted prompt files:
cd libs/python/bonsai-hinoki/hinoki
mise run decrypt-files
This command performs the following operations:
- Creates the secret_source directory if it doesn’t exist
- Decrypts all .py.gpg files in secret_source_encrypted/
- Preserves directory structure
- Skips files that already exist
2. Edit Prompts #
Edit the files in the decrypted secret_source/ directory:
# src/hinoki/prompts/secret_source/accounting/prompt.py
ACCOUNTING_PROMPT = """
Write your updated prompt content here...
"""
Available prompt files for editing:
- secret_source/accounting/prompt.py - Accounting processing prompt
- secret_source/classification/prompt.py - Classification processing prompt
- secret_source/extraction/default_prompt.py - Extraction processing (default)
- secret_source/extraction/knowledge_prompt.py - Extraction processing (knowledge-based)
- secret_source/highlight/prompt.py - Highlight processing prompt
- secret_source/knowledge/prompt.py - Knowledge processing prompt
- secret_source/vendor_matching/prompt.py - Vendor matching processing prompt
3. Encrypt Prompts #
After editing, encrypt the files before committing changes:
Encrypt a specific file:
mise run encrypt-file -- accounting/prompt.py
Encrypt all files:
mise run encrypt-files
4. Commit Changes #
Important: Do not commit the secret_source/ directory (decrypted files). Only commit the encrypted files:
git add src/hinoki/prompts/secret_source_encrypted/
git commit -m "Update accounting prompt"
Newly Added mise Commands #
| Command | Description |
|---|---|
| mise run decrypt-files | Decrypt all encrypted prompt files |
| mise run encrypt-files | Encrypt all prompt files |
| mise run encrypt-file -- <file_path> | Encrypt only the specified file |
Usage examples:
# Decrypt all files
mise run decrypt-files
# Encrypt a specific file
mise run encrypt-file -- accounting/prompt.py
# Encrypt all files
mise run encrypt-files
All commands should be run from the libs/python/bonsai-hinoki/hinoki/ directory.
Automation Scripts #
encrypt.py #
Located at scripts/encrypt.py, this script handles the encryption of prompt files.
Features:
- Validates file paths and types
- Encrypts individual files or all files in the source directory
- Uses GPG with the configured recipient
- Maintains directory structure in the encrypted directory
Usage:
# Encrypt a specific file
python scripts/encrypt.py --file_path accounting/prompt.py
# Encrypt all files
python scripts/encrypt.py
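One way the path validation and directory mirroring listed under Features could work, as an added example and not the project's scripts/encrypt.py. The function names, the gpg options chosen and the injectable run parameter are assumptions; only the two directory names come from this page.

```python
import subprocess
from pathlib import Path

# Directory names are from this page; every function name here is hypothetical.
SOURCE_DIR = Path("src/hinoki/prompts/secret_source")
ENCRYPTED_DIR = Path("src/hinoki/prompts/secret_source_encrypted")


def resolve_target(file_path, source_dir=SOURCE_DIR, encrypted_dir=ENCRYPTED_DIR):
    """Return (plaintext, ciphertext) paths, or raise ValueError on bad input."""
    root = Path(source_dir).resolve()
    src = (root / file_path).resolve()
    # resolve() collapses ".." and follows symlinks, so inputs such as
    # "../../.env" or an absolute path end up outside root and are rejected.
    if not src.is_relative_to(root):
        raise ValueError(f"{file_path!r} is outside {source_dir}")
    if src.suffix != ".py":
        raise ValueError(f"{file_path!r} is not a .py prompt file")
    if not src.is_file():
        raise ValueError(f"{file_path!r} does not exist")
    rel = src.relative_to(root)
    # Mirror the relative path and append .gpg: accounting/prompt.py.gpg
    return src, Path(encrypted_dir) / rel.parent / (rel.name + ".gpg")


def encrypt_file(file_path, recipient, run=subprocess.run, **dirs):
    """Encrypt one prompt for `recipient`; returns the ciphertext path."""
    src, dst = resolve_target(file_path, **dirs)
    dst.parent.mkdir(parents=True, exist_ok=True)
    # argv list, no shell: recipient and paths are passed as single arguments.
    run(["gpg", "--batch", "--yes", "--encrypt", "--recipient", recipient,
         "--output", str(dst), str(src)], check=True)
    return dst
```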
backend.py #
Located at scripts/backend.py, this is a custom Poetry build backend that automatically decrypts prompts during package building.
Features:
- Automatically imports GPG secret key from environment
- Decrypts all encrypted prompts before building
- Integrates seamlessly with Poetry build process
- Used in Docker builds and CI/CD pipelines
Docker Integration #
Build Arguments #
The system supports GPG encryption in Docker builds through build arguments:
ARG GPG_RECIPIENT
ARG GPG_SECRET_KEY
ENV GPG_RECIPIENT=${GPG_RECIPIENT}
ENV GPG_SECRET_KEY=${GPG_SECRET_KEY}
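ENV values are stored in the image configuration, and Docker's documentation warns that build-argument values are visible through docker history, so the private key travels with any image built from the lines above. The following added example (not part of the Hinoki project) is a small lint that flags secret-looking ARG/ENV names and contrasts the page's fragment with a constructed BuildKit secret-mount variant; the secret id, the `poetry build` step and the name heuristic are assumptions.

```python
import re

# The four lines from the Build Arguments section of this page.
PAGE_DOCKERFILE = """\
ARG GPG_RECIPIENT
ARG GPG_SECRET_KEY
ENV GPG_RECIPIENT=${GPG_RECIPIENT}
ENV GPG_SECRET_KEY=${GPG_SECRET_KEY}
"""

# Constructed alternative: a BuildKit secret mount exposes the key to one RUN
# step only. The secret id and the `poetry build` step are assumptions.
SECRET_MOUNT_DOCKERFILE = """\
ARG GPG_RECIPIENT
ENV GPG_RECIPIENT=${GPG_RECIPIENT}
RUN --mount=type=secret,id=gpg_secret_key \\
    GPG_SECRET_KEY="$(cat /run/secrets/gpg_secret_key)" poetry build
"""

# Heuristic for secret-bearing variable names (an assumption; tune per project).
SECRET_NAME = re.compile(r"SECRET|PRIVATE|PASSWORD|TOKEN|_KEY$", re.IGNORECASE)
INSTRUCTION = re.compile(r"\s*(ARG|ENV)\s+(.*)", re.IGNORECASE)
ASSIGNED = re.compile(r"(?:^|\s)([A-Za-z_][A-Za-z0-9_]*)=")


def find_secret_instructions(dockerfile_text):
    """Return (line_no, instruction, name) for secret-looking ARG/ENV names."""
    findings = []
    for line_no, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = INSTRUCTION.match(line)
        if not match:
            continue
        instruction, rest = match.group(1).upper(), match.group(2)
        # "ARG NAME", "ARG NAME=default", "ENV A=1 B=2" or legacy "ENV NAME value"
        names = ASSIGNED.findall(rest) or rest.split()[:1]
        findings += [(line_no, instruction, n) for n in names if SECRET_NAME.search(n)]
    return findings
```

With the secret-mount form the key is supplied at build time through the builder's secret option (for example `docker build --secret id=gpg_secret_key,env=GPG_SECRET_KEY .`) instead of `--build-arg`.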
Docker Compose #
services:
  bonsai-service:
    build:
      args:
        GPG_RECIPIENT: ${GPG_RECIPIENT}
        GPG_SECRET_KEY: ${GPG_SECRET_KEY}
CI/CD Integration #
GitHub Actions #
The deployment workflow includes GPG secrets:
- name: Build and Deploy
  with:
    build-args: |
      GPG_RECIPIENT=${{ secrets.GPG_RECIPIENT }}
      GPG_SECRET_KEY=${{ secrets.GPG_SECRET_KEY }}
Required Secrets #
Configure these secrets in your CI/CD system:
- GPG_RECIPIENT: Email address of the GPG key recipient
- GPG_SECRET_KEY: Private GPG key for decryption
Security Considerations #
Best Practices #
- Never commit unencrypted prompts to the repository
- Use Doppler or secure environment management for GPG keys
- Rotate GPG keys regularly and update all environments
- Limit access to GPG private keys to authorized personnel only
- Use separate GPG keys for different environments if needed
Access Control #
- The secret_source/ directory is gitignored to prevent accidental commits
- Only encrypted files in secret_source_encrypted/ are committed
- GPG keys should be managed through secure secret management systems
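A .gitignore entry does not stop `git add -f`, and nothing checks that a file named .gpg is actually ciphertext. The following added example (not part of the Hinoki project) is a commit-time guard that rejects staged files under secret_source/ and verifies that files under secret_source_encrypted/ begin with an OpenPGP public-key-encrypted packet or armor header; the guard, its function names and the rule that only .gpg files belong in the encrypted directory are assumptions.

```python
import subprocess
import sys

# Directory names are from this page; the guard itself is hypothetical. They
# are matched anywhere in the path because the package may sit below the
# repository root (commands here run from libs/python/bonsai-hinoki/hinoki/).
PLAINTEXT_DIR = "src/hinoki/prompts/secret_source/"
ENCRYPTED_DIR = "src/hinoki/prompts/secret_source_encrypted/"
ARMOR = b"-----BEGIN PGP MESSAGE-----"


def looks_like_pgp_message(head):
    """True if `head` starts an OpenPGP public-key-encrypted message."""
    if head.lstrip().startswith(ARMOR):      # ASCII-armored output (gpg -a)
        return True
    if not head or not head[0] & 0x80:       # bit 7 is set on every packet
        return False
    if head[0] & 0x40:                       # new format: tag in bits 5-0
        tag = head[0] & 0x3F
    else:                                    # old format: tag in bits 5-2
        tag = (head[0] & 0x3C) >> 2
    return tag == 1                          # Public-Key Encrypted Session Key


def check_staged(files):
    """files maps repo-relative path -> leading bytes; returns violations."""
    problems = []
    for path, head in sorted(files.items()):
        if PLAINTEXT_DIR in path:
            problems.append(f"{path}: decrypted prompt must not be committed")
        elif ENCRYPTED_DIR in path and not path.endswith(".gpg"):
            problems.append(f"{path}: expected a .gpg file")
        elif ENCRYPTED_DIR in path and not looks_like_pgp_message(head):
            problems.append(f"{path}: not an OpenPGP encrypted message")
    return problems


def staged_files():
    """Read the leading bytes of every added or modified file in the index."""
    out = subprocess.run(["git", "diff", "--cached", "--name-only", "-z",
                          "--diff-filter=ACMR"], capture_output=True, check=True)
    paths = [p.decode() for p in out.stdout.split(b"\0") if p]
    return {p: subprocess.run(["git", "show", f":{p}"], capture_output=True,
                              check=True).stdout[:64] for p in paths}


if __name__ == "__main__":
    found = check_staged(staged_files())
    print("\n".join(found), file=sys.stderr)
    sys.exit(1 if found else 0)
```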
Troubleshooting #
Common Issues #
1. GPG Key Not Found #
gpg: error: [recipient] not found
Solution: Import the public key for the recipient:
gpg --import public.key
2. Permission Denied During Decryption #
gpg: error: decryption failed: No secret key
Solution: Import the private key and ensure GPG_SECRET_KEY is set:
gpg --import private.key
export GPG_SECRET_KEY="your-private-key"
3. Files Not Decrypting in Docker #
Solution: Ensure build arguments are properly passed:
- Check GPG_SECRET_KEY is correctly formatted (newlines as \n)
- Verify the private key is accessible in the container
Debugging Commands #
# List GPG keys
gpg --list-keys
gpg --list-secret-keys
# Test decryption manually
gpg -d src/hinoki/prompts/secret_source_encrypted/accounting/prompt.py.gpg
# Check environment variables
echo "$GPG_RECIPIENT"
echo "$GPG_SECRET_KEY" | head -c 50 # Show first 50 chars only
Migration Guide #
From Unencrypted to Encrypted #
If you’re migrating from an existing unencrypted prompt system:
- Backup existing prompts:
  cp -r src/hinoki/prompts/secret_source src/hinoki/prompts/secret_source_backup
- Set up GPG keys following the environment setup guide
- Encrypt all prompts:
  mise run encrypt-files
- Update gitignore to exclude secret_source/
- Commit encrypted files:
  git add src/hinoki/prompts/secret_source_encrypted/
  git commit -m "Add encrypted prompt management system"
- Update CI/CD to include GPG secrets