Giters

chrisdavies / hide

A pass-like secret manager that is less featureful and less useful to anyone but me

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

hide

A little Go program for storing secrets that are protected by a passphrase.

It supports three commands:

hide new somefile
hide edit somefile
hide help

The new and edit commands can also take additional flags which will be passed through to neovim:

hide edit somefile --noplugin

By default, the passphrase is displayed as you type. It is not stored in history, etc. If you are in a place where you don't want your passphrase to be displayed, you probably shouldn't be editing the secret files, either. That said, if you want to keep your passphrase hidden as you type, you can pass the --mask flag.

Editing is done in neovim without scratch or write capabilities. To save the secret file, you have to execute the following command:

:w !hide

How it works

We generate an AES key from your passphrase + salt.

Encrypted files are stored in ~/.hide/ with the salt as the first line.

They are edited in neovim. When editing, we place a line at the top of the file which contains the file name, salt, and key. This line is removed before saving, and is only there to prevent keeping the secret or passphrase in an environment variable or other trivially inspected place.

About

A pass-like secret manager that is less featureful and less useful to anyone but me

Languages

Language:Go 100.0%