crypt
Universal cryptographic tool with AWS KMS, GCP KMS and Azure Key Vault support.
Maturity
| Provider | Maturity |
|---|---|
| AWS KMS | beta |
| GCP KMS | alpha |
| Azure Key Vault | alpha |
Installation
Binaries
For binaries please visit the Releases Page.
Via Go
$ go get github.com/VirtusLab/crypt
Via Homebrew
# Will be installed as cloudcrypt
$ brew tap virtuslab/cloud && brew install cloudcrypt
Usage
NAME:
   crypt - Universal cryptographic tool with AWS KMS, GCP KMS and Azure Key Vault support
USAGE:
   crypt [global options] command [command options] [arguments...]
VERSION:
   v0.1.0-5d53a581
AUTHOR:
   VirtusLab
COMMANDS:
   encrypt, enc, en, e  Encrypts files and/or strings
   decrypt, dec, de, d  Decrypts files and/or strings
   help, h              Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --debug, -d    run in debug mode
   --help, -h     show help
   --version, -v  print the version
Encryption using AWS KMS
AWS KMS uses the client from the AWS SDK for Go.
You can either run aws configure (if you don't have ~/.aws/credentials already) or set environment variables.
To set the AWS profile, use the --profile parameter.
Example usage with file:
$ echo "top secret" > file.txt
$ crypt encrypt aws \
--in file.txt \
--out file.enc \
--region eu-west-1 \
--kms alias/test
$ crypt decrypt aws \
--in file.enc \
--out file.dec \
--region eu-west-1
Example usage with stdin:
$ echo "top secret" | crypt encrypt aws \
--out file.enc \
--region eu-west-1 \
--kms alias/test
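A round-trip check for the AWS KMS examples above, added here as an illustration and not part of the crypt project: it encrypts a file, decrypts it again, and confirms the result matches before the plaintext is discarded. The function name crypt_roundtrip_aws and the CRYPT_BIN override are hypothetical; only the flags shown in the examples above are used.

```bash
#!/usr/bin/env bash
# Added example (not from the crypt project): verify that a file encrypted
# with the AWS KMS provider decrypts back to the same bytes.
# CRYPT_BIN is a hypothetical override, e.g. CRYPT_BIN=cloudcrypt for the
# Homebrew install.

crypt_roundtrip_aws() {
    local plain="$1" region="$2" kms="$3"
    local bin="${CRYPT_BIN:-crypt}"
    local tmp rc=0

    [ -r "$plain" ] || { echo "cannot read $plain" >&2; return 2; }

    # Private scratch directory so the decrypted copy is not world-readable.
    tmp="$(umask 077 && mktemp -d)" || return 2

    if ! "$bin" encrypt aws --in "$plain" --out "$tmp/file.enc" \
            --region "$region" --kms "$kms"; then
        echo "encrypt failed" >&2; rc=3
    elif cmp -s "$plain" "$tmp/file.enc"; then
        # Output identical to input means nothing was encrypted.
        echo "ciphertext equals plaintext" >&2; rc=4
    elif ! "$bin" decrypt aws --in "$tmp/file.enc" --out "$tmp/file.dec" \
            --region "$region"; then
        echo "decrypt failed" >&2; rc=5
    elif ! cmp -s "$plain" "$tmp/file.dec"; then
        echo "decrypted output differs from input" >&2; rc=6
    fi

    # Remove the ciphertext and the decrypted copy in every case.
    rm -rf "$tmp"
    return "$rc"
}
```

Call it as crypt_roundtrip_aws file.txt eu-west-1 alias/test; a zero exit status means the key encrypted and decrypted the file correctly.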
Encryption using GCP KMS
GCP KMS uses DefaultClient from the Google Cloud Client Libraries for Go.
You can either run gcloud auth application-default login or set the GOOGLE_APPLICATION_CREDENTIALS environment variable, which points to the file with a valid service account.
Example usage with file:
$ echo "top secret" > file.txt
$ crypt encrypt gcp \
--in file.txt \
--out file.enc \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
$ crypt decrypt gcp \
--in file.enc \
--out file.dec \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
Example usage with stdin:
$ echo "top secret" | crypt encrypt gcp \
--out file.enc \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
Encryption using Azure Key Vault
Azure Key Vault uses NewAuthorizerFromEnvironment from the Microsoft Azure SDK for Go.
Run az login to get your Azure credentials.
Example usage with file:
$ echo "top secret" > file.txt
$ crypt encrypt azure \
--in file.txt \
--out file.enc \
--vaultURL https://example-vault.vault.azure.net \
--name global \
--version 77ea..
$ crypt decrypt azure \
--in file.enc \
--out file.dec \
--vaultURL https://example-vault.vault.azure.net \
--name global \
--version 77ea..
Example usage with stdin:
$ echo "top secret" | crypt encrypt azure \
--out file.enc \
--vaultURL https://example-vault.vault.azure.net \
--name global \
--version 77ea..
Development
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
mkdir -p $GOPATH/src/github.com/VirtusLab
cd $GOPATH/src/github.com/VirtusLab
git clone git@github.com:VirtusLab/crypt.git
cd crypt
go get -u github.com/golang/dep/cmd/dep
make all
Testing
make test
Integration testing
Update properties in Makefile if necessary and run:
make integrationtest
Contribution
Feel free to file issues or pull requests.