The more general version of this is probably sops[1].
(A general problem with these kinds of “wrap GPG” tools is that you end up with “mystery meat” encryption/signatures: your tool’s security margin is at the mercy of GPG’s opaque and historically not very good defaults.)
This is 13 lines of Bash plus GPG, which is available ~everywhere and a pretty lowish-level Linux dependency. SOPS is +20KLOC of Go with support for cloud KMS etc. etc. I think you got your mystery meat analogy backwards.
The mystery meat in question is GPG, not sops or this.
(I also wouldn’t call GPG a low level dependency.)
Lowish. Meaning if you run a Linux desktop env with a mild amount of software installed, it's likely pulled in already.
I’ve used a Linux desktop for my entire adult life, and I’m pretty sure GPG has never been bundled directly with my environment. I used to install it directly, but I haven’t needed that in years either since everything I needed GPG for (= git) supports SSH signing instead.
So is Perl; that doesn’t make it a good argument to use it still for the same reasons.
The GPG man page is long. But to be fair, GPG, which I have used for decades, has never failed me.
I didn't know about sops, thanks for sharing!
Encrypting YAML files' values may be handy for another project - will take note of it.