flyingcircusio / batou

batou is a universal, fractal deployment utility using Python.
https://batou.readthedocs.org

Long time to encrypt/decrypt age secret files #454

Open frlan opened 5 months ago

frlan commented 5 months ago

I'm using batou 2.4.1

git:(master) ✗ cat requirements.txt 
batou==2.4.1
boto3
batou_ext>=2.4
ConfigUpdater==3.0.1

and using the age feature to encrypt/decrypt files

git:(master) ✗ ls -l environments/staging 
total 264
-rw-r--r--  1 flanitz  staff   3464  6 Mai 14:55 age_keys.txt
-rw-r--r--  1 flanitz  staff   7216  6 Mai 14:40 environment.cfg
-rw-r--r--  1 flanitz  staff   4726  6 Mai 14:40 secret-apigateway-prv.pem.age
-rw-r--r--  1 flanitz  staff   3411  6 Mai 14:40 secret-apigateway-pub.pem.age
-rw-r--r--  1 flanitz  staff   5369  6 Mai 14:40 secret-apigateway-preprod.json.age
-rw-r--r--  1 flanitz  staff   5358  6 Mai 14:40 secret-apigateway-test.json.age
-rw-r--r--  1 flanitz  staff   4632  6 Mai 14:55 secret-dik-mtls.crt.age
-rw-r--r--  1 flanitz  staff   6395  6 Mai 14:40 secret-dik-mtls.prv.key.age
-rw-r--r--  1 flanitz  staff   4814  6 Mai 14:40 secret-mailservice-dkim.prv.key.age
-rw-r--r--  1 flanitz  staff   6394  6 Mai 14:40 secret-qes-fes-jwt-prv.key.age
-rw-r--r--  1 flanitz  staff   3761  6 Mai 14:40 secret-qes-fes-jwt-pub.pem.age
-rw-r--r--  1 flanitz  staff   6394  6 Mai 14:40 secret-qes-fes-mtls-prv.key.age
-rw-r--r--  1 flanitz  staff   4639  6 Mai 14:40 secret-qes-fes-mtls.crt.age
-rw-r--r--  1 flanitz  staff   6395  6 Mai 14:40 secret-qes-qes-jwt.prv.key.age
-rw-r--r--  1 flanitz  staff   3760  6 Mai 14:40 secret-qes-qes-jwt.pub.pem.age
-rw-r--r--  1 flanitz  staff   4639  6 Mai 14:40 secret-qes-qes-mtls.crt.age
-rw-r--r--  1 flanitz  staff   6394  6 Mai 14:40 secret-qes-qes-mtls.prv.key.age
-rw-r--r--  1 flanitz  staff  11305  6 Mai 14:40 secrets.cfg.age

The process of simply opening the secrets took quite some time

git:(master) ✗ time ./batou secrets edit staging 
No changes from original cleartext. Not updating.
./batou secrets edit staging  13,84s user 0,49s system 39% cpu 36,478 total

In this case I did not save any changes -- however saving also takes some time.

frlan commented 5 months ago

While saving I'm getting

WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
WARNING: The age encryption public-key metadata file has changed!
This means that some secrets are now encrypted with a different set of keys.
Please make sure that the new keys are correct and check the file in once you are done.
./batou secrets edit staging  27,89s user 1,16s system 22% cpu 2:08,23 total