Securely manage passwords in a multi-user environment using GPG and several bash scripts

gg7/secrets

Secrets

Password storage and access control through GPG.

Why not use Vault?

  • This is simpler (~128 lines of Bash)
  • Highly available with trivial deployment (git push to several repos)
  • Fully decentralised (keeps working even without Internet access; root can't sniff your passwords)

Setup

First you should set up GPG. See https://zacharyvoase.com/2009/08/20/openpgp/.

In a multi-user environment you should export all keys to pubkeys/. Example:

gpg --output pubkeys/<YOUR_KEY_EMAIL>.asc --armor --export '<YOUR_KEY_EMAIL>'

Finally, do this:

echo '<YOUR_KEY_EMAIL>' > whoami
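
A preflight check for the layout described in Setup, as an added example that is not part of the gg7/secrets scripts: it confirms that whoami names an identity with an exported key in pubkeys/, and that no file there carries a private key block (which gpg's --export-secret-keys would produce instead of --export). The function name audit_setup and its messages are assumptions.

```bash
#!/bin/sh
# Added example: preflight audit of the layout from the Setup section.
# Not part of gg7/secrets; audit_setup and its messages are hypothetical.

# audit_setup DIR
# Prints one line per problem and returns the number of problems found.
audit_setup() {
    as_dir=$1
    as_bad=0

    # whoami must name an identity (whitespace is stripped before comparing).
    as_me=
    if [ -f "$as_dir/whoami" ]; then
        as_me=$(tr -d '[:space:]' < "$as_dir/whoami")
    fi
    if [ -z "$as_me" ]; then
        echo "whoami: missing or empty"
        as_bad=$((as_bad + 1))
    elif [ ! -f "$as_dir/pubkeys/$as_me.asc" ]; then
        echo "whoami: no exported key pubkeys/$as_me.asc"
        as_bad=$((as_bad + 1))
    fi

    for as_f in "$as_dir"/pubkeys/*.asc; do
        [ -e "$as_f" ] || continue   # glob matched nothing
        # Secret-key armor in a shared repo means the wrong export was used.
        if grep -Fq -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$as_f"; then
            echo "$as_f: contains a PRIVATE key block"
            as_bad=$((as_bad + 1))
        elif ! grep -Fq -e '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$as_f"; then
            echo "$as_f: no armored public key block"
            as_bad=$((as_bad + 1))
        fi
    done
    return "$as_bad"
}
```

Run `audit_setup .` from the repository root before pushing changes to pubkeys/; a non-zero exit status is the number of problems printed.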

Creating your first secret

./add-secret.sh

Viewing secrets you have access to

See "vim integration". Otherwise:

./decrypt.sh encrypted/example.gpg
$EDITOR decrypted/example.txt

Updating secrets (data and access to them)

If you use the vim integration, don't forget to use :GPGEditRecipients. Otherwise:

$EDITOR decrypted/example.txt
./encrypt.sh decrypted/example.txt

vim integration

Install https://github.com/jamessan/vim-gnupg . This allows you to directly open and update .pgp files.
