• Master :
• Develop :

Alan is a bridge between Hashicorp Vault and some password managers :

• KeepassXC
• 1password.com
• Lastpass
• Pwsafe

You can download the binaries :

• Architecture i386 [ linux / darwin / freebsd / netbsd / openbsd / windows ]
• Architecture amd64 [ linux / darwin / freebsd / netbsd / openbsd / windows ]
• Architecture arm [ linux / freebsd / netbsd ]

• CLI help:

    $ alan help
  

• Start a Vault development server :

    $ vault server -dev
  

• Setup Vault :

    $ export VAULT_ADDR="https://localhost:8200"
    $ vault auth list
    Path      Type     Description
    ----      ----     -----------
    token/    token    token based credentials
  
    $ vault auth enable userpass
    Success! Enabled userpass auth method at: userpass/
  
    $ vault auth list
    Path         Type        Description
    ----         ----        -----------
    token/       token       token based credentials
    userpass/    userpass    n/a
  
    $ vault secrets list
    Path          Type         Description
    ----          ----         -----------
    cubbyhole/    cubbyhole    per-token private secret storage
    identity/     identity     identity store
    secret/       kv           key/value secret storage
    sys/          system       system endpoints used for control, policy and debugging
  
    $ vault policy write alan-policy -<<EOF
    path "secret/*" {
            capabilities = ["create", "read", "update", "delete", "list"]
    }
    EOF
  
    $ vault policy list
    alan-policy
    default
    root
  
    $ vault write auth/userpass/users/alan password=turing policies=alan-policy
    Success! Data written to: auth/userpass/users/alan
  
    $ vault login -method=userpass username=alan password=turing
    Success! You are now authenticated. The token information displayed below
    is already stored in the token helper. You do NOT need to run "vault login"
    again. Future Vault requests will automatically use this token.
  
    Key                    Value
    ---                    -----
    token                  15589767-1e25-6c44-e8c2-9b6c3ac13099
    token_accessor         5fefe9fe-6da7-b67b-a8f0-47583488057e
    token_duration         768h
    token_renewable        true
    token_policies         [alan-policy default]
    token_meta_username    foo
  
    $ vault write secret/foo value=yes
    Success! Data written to: secret/foo
    $ vault read secret/foo
    Key                 Value
    ---                 -----
    refresh_interval    768h
    value               yes
  

• Display database entries :

    $ alan keepassxc show --database alan.kdbx
    Please input your password:
    Dev
    Github: foo https://github.com
    Gitlab: foo https://gitlab.com
    Social
    Twitter: alan https://twitter.com
    >>> foo https://fake.social
    Root
  

• Import a KeepassXC database into the Vault:

    $ alan keepassxc import --database alan.kdbx
    Please input your password:
    Add secret: Dev/Github
    Add secret: Dev/Gitlab
    Add secret: Social/Twitter
  

• Check entries :

    $ alan vault list
    - Dev/
    - Social/
  
    $ alan vault list --path Dev
    - Github
    - Gitlab
  

• Retrieve a secret :

    $ alan vault get --path Dev/Github
    Username: foo
    Password: bar
    URL: https://github.com
  

• Initialize environment

    $ make init
  

• Build tool :

    $ make build
  

• Launch unit tests :

    $ make test
  

See CONTRIBUTING.

See LICENSE for the complete license.

A changelog is available

Nicolas Lamirault [email protected]