mksecret

command module
v0.0.0-...-e07c920 Latest
Published: Jul 2, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

README

mksecret

CLI tool for storing and managing versions of secrets in Google Secret Manager.

disclaimer

The use of this tool does not guarantee security or suitability for any particular use. Please review the code and use at your own risk.

installation

This step assumes you have the Go compiler toolchain installed on your system.

go install github.com/kubetrail/mksecret@latest

Install shell completion. For instance, bash completion can be installed by adding the following line to your .bashrc:

source <(mksecret completion bash)

Create a Google Cloud project and activate the Secret Manager API. Also create a service account key, then export the following two variables after replacing the values with those for your setup:

export GOOGLE_PROJECT_ID=your-project-id
export GOOGLE_APPLICATION_CREDENTIALS=service-account-file-path.json

store a secret

A secret can be stored as a string.

mksecret set --name=foo bar

Please note that the secret name, once created, cannot be changed later. Furthermore, secrets are best entered via STDIN so that they are not captured in command history or in files on disk:

mksecret set --name=foo
Enter secret as a string: bar 2
bar 2

retrieve the secret value

The secret value can be retrieved formatted as table, json or native:

mksecret get foo --output-format=table
  NAME   VERSION   PHRASE  
-------+---------+---------
  foo          2   bar 2   

As you can see, the version is 2 because we set the secret named foo twice. A particular version can be retrieved with the --version flag:

mksecret get foo --output-format=table --version=1
  NAME   VERSION   PHRASE  
-------+---------+---------
  foo          1   bar     

encrypt secrets before storing

Secrets can be encrypted by using --encrypt flag:

mksecret set --name=encrypted-foo --encrypt my super secret string
This input will be encrypted using your password
Enter encryption password (min 8 char): 
Enter encryption password again: 
my super secret string

Behind the scenes, the code derives an AES key deterministically from your password and then encrypts the input phrase with that AES key before storing it.
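The password-based encryption described above, as an added example that is not mksecret's own code. The page does not say which key-derivation function or cipher mode the tool uses, so PBKDF2-HMAC-SHA256 with a random salt, the iteration count, AES-256-GCM, the blob layout and all function names here are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const saltLen, hdrLen, iterations = 16, 16 + 12, 600_000 // assumed values, not mksecret's
// newGCM derives an AES-256 key via single-block PBKDF2-HMAC-SHA256 (same password+salt, same key).
func newGCM(password, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, password)
	u, key := append(append([]byte{}, salt...), 0, 0, 0, 1), make([]byte, 32) // U_0 = salt || INT(1)
	for i := 0; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil) // U_i = HMAC(password, U_{i-1})
		for j := range key {
			key[j] ^= u[j] // key = U_1 xor U_2 xor ... xor U_c
		}
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Encrypt returns salt || nonce || ciphertext+tag, with a fresh salt and nonce per call.
func Encrypt(password, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, hdrLen) // 16-byte salt followed by 12-byte GCM nonce
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return newGCM(password, hdr[:saltLen]).Seal(hdr, hdr[saltLen:], plaintext, nil), nil
}

// Decrypt errors on a wrong password or altered blob: the GCM tag does not verify.
func Decrypt(password, blob []byte) ([]byte, error) {
	if len(blob) < hdrLen+16 { // header plus 16-byte tag
		return nil, errors.New("blob too short")
	}
	return newGCM(password, blob[:saltLen]).Open(nil, blob[saltLen:hdrLen], blob[hdrLen:], nil)
}

func main() {
	blob, err := Encrypt([]byte("constructed-password"), []byte("my super secret string"))
	println(len(blob), err == nil)
}
```

Because the salt travels with the ciphertext, the key is still reproducible from the password alone at decryption time, while identical passwords no longer yield identical keys across secrets.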

retrieve phrases

Stored phrases can be listed:

mksecret list --output-format=table
                  NAME                  
----------------------------------------
  foo  
  encrypted-foo                                                       

delete phrase

When a named phrase is deleted, all versions of secret material are deleted forever.

Please use caution when using this command.

mksecret delete foo
Type secret name to delete: foo

The above command asks for confirmation. The --force option can be used to skip the confirmation and delete the secret without prompting.

mksecret delete encrypted-foo --force

Documentation

Overview

Copyright © 2022 kubetrail.io authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Directories

Path Synopsis
pkg
app
run
