a1e93a8702
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr> |
||
---|---|---|
.github/workflows | ||
argz | ||
libhydrogen@3de3effcab | ||
.gitignore | ||
.gitmodules | ||
LICENSE | ||
Makefile | ||
README.md | ||
secret.c |
secret
Keep your little secrets, publicly.
Features
secret
is the simplest secret store you can think of:
- Requires only one file
~/.secret
that you can share publicly without fear. - No configuration. Get back your file and you're done.
- Secret's name (hostname, mail, login, etc.) are also encrypted.
- Secret agent only trusts subprocesses. Not all user processes! How nice is that?
- Supports multiple passphrases. Not super user-friendly but nice to have.
- Depends only on the libhydrogen library.
- Small, simple and non obfuscated C code. Well, I hope so :)
Build and install
Clone the repository recursively:
$ git clone https://github.com/angt/secret --recursive
$ cd secret
Then, run as root
:
# make install
As usual, you can customize the destination with DESTDIR
and prefix
.
Currently, bash completion is not installed. Download the file argz.sh then:
$ . argz.sh
$ complete -F _argz secret
Completion for secrets is only available in a trusted shell. See below.
Commands
Command | Description |
---|---|
init | Init a secret storage for the user at ~/.secret . |
list | List all secrets for a given passphrase. |
add KEY | Add a new secret. |
show KEY | Show an existing secret. |
change KEY | Change an existing secret. |
agent CMD [ARG]... | Run a process in a trusted zone. Typically a shell. |
You can use a different store using the SECRET_STORE
environment variable:
$ env SECRET_STORE=<FILE> secret ...
Examples
Initialize secret for the current user:
$ secret init
Add a new randomly generated secret:
$ secret add test
Passphrase:
Secret [random]:
9{6u0ue>5&W2+z#OR:`X<@-#
Show the secret:
$ secret show test
Passphrase:
9{6u0ue>5&W2+z#OR:`X<@-#
Start a trusted zone:
$ secret agent
Passphrase:
Now, the passphrase is not requested and completion fully works!
If you don't use bash
but still want completion,
run secret agent bash
or (much better) send a PR to add support for your shiny shell :)
For feature requests and bug reports, please create an issue.