sectool

command module
v0.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 28, 2024 License: MIT Imports: 4 Imported by: 0

README

sectool - Secure Tool for Managing SSH Key Pairs and Secrets

Build Status

License

sectool is a command-line tool written in Go that provides a secure and user-friendly way to manage SSH key pairs and secrets stored in a local vault. This tool is built using the Cobra CLI framework and is released under the MIT license.

Features

  • Manage SSH key pairs: Add, delete, list, lock, and unlock SSH key pairs.
  • Manage secrets: Store and retrieve key-value secrets in a local vault.
  • Security: Encrypts stored secrets to ensure sensitive information remains secure.
  • Easy-to-use: Clear and intuitive commands for effortless management of keys and secrets.
  • Makefile: The included Makefile simplifies building, testing, and other tasks.

Table of Contents

Installation

Before you begin, ensure you have Go installed on your system. You can install sectool using the following steps:

  1. Clone this repository:

    git clone https://github.com/your-username/sectool.git

  2. Navigate to the project directory:

    cd sectool

  3. Build the tool using the Makefile:

    make build

  4. You should now have the sectool binary in the project's root directory. You can move it to a directory in your system's PATH to make it accessible from anywhere.

Usage

SSH Key Pair Management

The ssh command group allows you to manage your SSH key pairs.

  • To add a new SSH key pair:

    sectool ssh add <key name>

  • To delete an existing SSH key pair:

    sectool ssh del <key name>

  • To initialize SSH key pair management:

    sectool ssh init <master password>

  • To list existing SSH key pairs:

    sectool ssh list

  • To lock all SSH key pairs:

    sectool ssh lock

  • To unlock all locked SSH key pairs:

    sectool ssh unlock
Secrets Vault

The vault command group allows you to manage secrets stored in the local vault.

  • To add a new secret:

    sectool vault set <key> <value>

  • To retrieve a secret:

    sectool vault get <key> [-export] [-quoted]

  • To delete a secret:

    sectool vault del <key>

  • To list all stored secrets:

    sectool vault list

Integration with other tools

The tool provides the exec command to allow to run external applications with secrets exposed as environment variables. It requires to have a file sectool.env with the configured variables to be added to the environment.

Example of running with terraform:

sectool.env

AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY=$AWS_SECRET_KEY
TF_VAR_mysql_root_password=$MYSQL_ROOT_PASSWORD
TF_VAR_another_secret=$ANOTHER_STORED_SECRET

Executing terraform:

sectool exec -- terraform apply --auto-approve

Note: All sensitive data will not be visible from the application output.

Vault location

When running the execcommand, if not specified, the vault file needs to be located at the same folder of sectool.env, to override the location you can either use -vflag or .vaultfile.

sectool -v <vault_location> -- <commmand>

Using .vault file to point the vault to the parent folder.

../repository.vault

Note: currently it is only supported to load from the local filesystem.

Contributing

Contributions to sectool are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request. See the Contribution Guidelines for more details.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Thanks to the Go community for providing the tools and resources to build this project.
  • Special mention to the developers of libraries and tools used in this project.

Documentation

Overview

Copyright © 2023 Alexandre Pires

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Source Files

View all Source files

Directories

Path Synopsis
cmd
exec
ssh
vault
internal
crypto
ssh
vault
vault.go
 vault.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.