diff --git a/bin/encrypt_pillar.sh b/bin/encrypt_pillar.sh
new file mode 100644
index 0000000..aeed3cf
--- /dev/null
+++ b/bin/encrypt_pillar.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+help() {
+    echo "Encrypt a given string and print out the output. This output can be"
+    echo "then used as encrypted pillar"
+    echo
+    echo "Arguments:"
+    echo "-s STRING   The string to encrypt"
+    echo
+}
+
+[[ $1 == '--help' ]] && help && exit
+
+while getopts s:v:h arg; do
+    case ${arg} in
+        s) STRING=${OPTARG} ;;
+        h) help && exit ;;
+        *) help && exit 1 ;;
+    esac
+done
+
+[[ -z $STRING ]] && help && exit 1
+
+RECIPIENTS=$(egrep -v '^(#|$)' encrypted_pillar_recipients | while read i; do echo "-r $i"; done | xargs)
+echo -n "${STRING}" | gpg --armor --batch --trust-model always --encrypt ${RECIPIENTS}
diff --git a/encrypted_pillar_recipients b/encrypted_pillar_recipients
new file mode 100644
index 0000000..9cc37e6
--- /dev/null
+++ b/encrypted_pillar_recipients
@@ -0,0 +1,16 @@
+# Christian Boltz <cboltz@opensuse.org>
+0xC6A682EA63C82F1C
+# Lars Vogdt <lrupp@suse.de>
+0xCE054B2AF62B7584
+# Martin Caj <mcaj@suse.com>
+0x2E77A13011F5D3C2
+# Sarah Julia Kriesch <sarah.kriesch@opensuse.org>
+0x6F5CA277DDA33BB5
+# Theo Chatzimichos <tampakrap@opensuse.org>
+0x9640E4FA29485B97
+# Thorsten Bro <tbro@suse.de>
+0x433A21C2C930E5E6
+
+## saltmasters
+# minnie.infra.opensuse.org
+0xF1C33B7A1346F48E