Adrien Gallouët bbd7f1fa6b Put S_ENV_AGENT_REQ in S_ENV_AGENT
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2020-04-25 12:19:08 +00:00

secret

Keep your little secrets, publicly.

Features

secret is the simplest secret store you can think of:

  • Requires only one file ~/.secret that you can share publicly without fear.
  • No configuration. Get back your file and you're done.
  • Secret names (hostname, mail, login, etc.) are also encrypted.
  • Secret agent only trusts subprocesses. Not all user processes! How nice is that?
  • Supports multiple passphrases. Not super user-friendly but nice to have.
  • Depends only on the libhydrogen library.
  • Small, simple and non-obfuscated C code. Well, I hope so :)

Build and install

$ git clone https://github.com/angt/secret --recursive
$ cd secret
$ make

Then, as root:

# make install prefix=/usr

Currently, bash completion is not installed. Download the file argz.sh, then:

$ . argz.sh
$ complete -F _argz secret

Completion for secrets is only available in a trusted shell. See below.

Commands

Command              Description
init                 Init a secret storage for the user at ~/.secret.
list                 List all secrets for a given passphrase.
add KEY              Add a new secret.
show KEY             Show an existing secret.
change KEY           Change an existing secret.
agent CMD [ARG]...   Run a process in a trusted zone. Typically a shell.

Examples

Initialize secret for the current user:

$ secret init

Add a new generated secret:

$ secret add test
Password:
Secret [random]:
9{6u0ue>5&W2+z#OR:`X<@-#

Show the secret:

$ secret show test
Password:
9{6u0ue>5&W2+z#OR:`X<@-#

Start bash in a trusted zone:

$ secret agent bash
Password:

Now you can play with your little secrets, but only in this shell:

$ ./secret show test
9{6u0ue>5&W2+z#OR:`X<@-#

Note that the passphrase was not required.


For feature requests and bug reports, please create an issue.