Find a file
Adrien Gallouët a1e93a8702 Show version
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2020-04-27 17:10:55 +00:00
.github/workflows Add a GH build workflow 2020-04-25 22:21:37 +00:00
argz Run $SHELL in agent by default 2020-04-27 09:48:50 +00:00
libhydrogen@3de3effcab Import code 2020-04-24 06:55:38 +00:00
.gitignore Import code 2020-04-24 06:55:38 +00:00
.gitmodules Import code 2020-04-24 06:55:38 +00:00
LICENSE Initial commit 2020-04-24 08:44:08 +02:00
Makefile Add a GH build workflow 2020-04-25 22:21:37 +00:00
README.md Run $SHELL in agent by default 2020-04-27 09:48:50 +00:00
secret.c Show version 2020-04-27 17:10:55 +00:00

secret

Keep your little secrets, publicly.

Features

secret is the simplest secret store you can think of:

  • Requires only one file ~/.secret that you can share publicly without fear.
  • No configuration. Get back your file and you're done.
  • Secret's name (hostname, mail, login, etc.) are also encrypted.
  • Secret agent only trusts subprocesses. Not all user processes! How nice is that?
  • Supports multiple passphrases. Not super user-friendly but nice to have.
  • Depends only on the libhydrogen library.
  • Small, simple and non obfuscated C code. Well, I hope so :)

Build and install

Clone the repository recursively:

$ git clone https://github.com/angt/secret --recursive
$ cd secret

Then, run as root:

# make install

As usual, you can customize the destination with DESTDIR and prefix.

Currently, bash completion is not installed. Download the file argz.sh then:

$ . argz.sh
$ complete -F _argz secret

Completion for secrets is only available in a trusted shell. See below.

Commands

Command Description
init Init a secret storage for the user at ~/.secret.
list List all secrets for a given passphrase.
add KEY Add a new secret.
show KEY Show an existing secret.
change KEY Change an existing secret.
agent CMD [ARG]... Run a process in a trusted zone. Typically a shell.

You can use a different store using the SECRET_STORE environment variable:

$ env SECRET_STORE=<FILE> secret ...

Examples

Initialize secret for the current user:

$ secret init

Add a new randomly generated secret:

$ secret add test
Passphrase:
Secret [random]:
9{6u0ue>5&W2+z#OR:`X<@-#

Show the secret:

$ secret show test
Passphrase:
9{6u0ue>5&W2+z#OR:`X<@-#

Start a trusted zone:

$ secret agent
Passphrase:

Now, the passphrase is not requested and completion fully works!

If you don't use bash but still want completion, run secret agent bash or (much better) send a PR to add support for your shiny shell :)


For feature requests and bug reports, please create an issue.