opensecret 0.0.6 → 0.0.7
- checksums.yaml +4 -4
- data/README.md +41 -16
- data/Rakefile +15 -0
- data/lib/opensecret.rb +1 -0
- data/lib/opensecret/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d8c7565fa1ae84582a92d7ecd437008570baaec0
|
4
|
+
data.tar.gz: fc2f65062e9fc99b57cd7aa773e5969a015c2ea2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9d92678d4e10eeffd23e8fcb576e3ec7d0dbc79b5266f33a1cf83a2a5791e20485a905320f58dcc1a77f4d98206719664def1699d2cc78e7b80eab6a8088242d
|
7
|
+
data.tar.gz: a6c663d79a1435bec2896f383b8a7cc71a10557d1a80117bb4d01bba33fd7c411786ddbe3e15e6cfc9d8d8d28c62cfacd38dc4b3107fa41cf2b59fc5fa9c8d23
|
data/README.md
CHANGED
@@ -4,31 +4,50 @@ opensecret [![Build Status](https://secure.travis-ci.org/TwP/inifile.png)](http:
|
|
4
4
|
Description
|
5
5
|
-----------
|
6
6
|
|
7
|
-
opensecret stashes uncrackable secrets into your Git
|
7
|
+
+opensecret+ stashes uncrackable secrets into your +Git+, +S3+, DropBox, Google Drive and filesystems backends. You interface with its intuitive Linux, Windows, iOS front ends and it offers SDKs and plugins for +Ruby+, +Python+, +Go+, +Java+, Jenkins, CodeShip, Ansible, Terraform, Puppet and Chef. Soon, support will be added for database and keystore backends such as +MySQL+, +MongoDB+, +PostgreSQL+, Redis, Memcached and etcd.
|
8
|
+
|
9
|
+
opensecret never accesses the cloud for anything - it is designed to operate on a single non-networked laptop if you so wish. opensecret takes a fresh approach to security and challenges common misconceptions - in order to deliver a simple, highly secure credentials management system.
|
10
|
+
|
8
11
|
|
9
12
|
### opensecret | Install It
|
10
13
|
|
11
14
|
$ gem install opensecret
|
12
15
|
|
13
|
-
### opensecret | Create a Domain
|
14
16
|
|
15
|
-
|
17
|
+
### opensecret | Configure It
|
18
|
+
|
19
|
+
$ opensecret keydir /path/to/usb/key/dir
|
20
|
+
$ opensecret name joe
|
21
|
+
$ opensecret email joebloggs@harvard.edu
|
22
|
+
$ opensecret domain lecturers@harvard
|
23
|
+
$ opensecret store https://www.eco-platform.co.uk/crypt/lecturers.git
|
16
24
|
|
17
|
-
$ opensecret init
|
18
|
-
$ opensecret init lecturers@harvard https://www.eco-platform.co.uk/crypt/lecturers.git
|
25
|
+
$ opensecret init
|
19
26
|
|
20
|
-
Every domain is tied to backend storage which is accessible by you and others in your domain. You can use Git, S3, a networked filesystem or shared drive, a SSH accessible filesystem and soon, free storage from opensecret.io
|
21
27
|
|
28
|
+
### opensecret | All Done!
|
22
29
|
|
23
|
-
|
30
|
+
You are done setting up opensecret with just 5 commands. *Simple* means less mistakes, less confusion and therefore more secure. Let's recap on the 5 configurations
|
24
31
|
|
25
|
-
|
32
|
+
- <tt>keydir</tt> » best practise is a +usb key drive+ with your **actual keys**
|
33
|
+
- <tt>name</tt> » single word lowercase and short - how your peers call you
|
34
|
+
- <tt>email</tt> » email address (validation scheduled for end of March 2018)
|
35
|
+
- <tt>domain</tt> » +joe@home+ if single or a team like +it-dept@ibm.com+
|
36
|
+
- <tt>store</tt> » a Git project URL to hold your encrypted secret material
|
26
37
|
|
27
|
-
|
38
|
+
The +opensecret init+ command
|
28
39
|
|
29
|
-
|
40
|
+
- creates a 8192 bit uncrackable private key
|
41
|
+
- collects a human password and creates a machine password
|
42
|
+
- locks the private key with a minimum 64 character amalgamated password
|
43
|
+
- locks the public key's fingerprint making it tamper proof
|
44
|
+
- creates a base directory on your backend store
|
30
45
|
|
31
|
-
|
46
|
+
Now you are ready to begin locking and unlocking and soon, you'll be able to request a secret (like a WiFi or NetFlix password) from others in your group. You too can either acquiesce (or reject) requests from your colleagues, friends and family.
|
47
|
+
|
48
|
+
|
49
|
+
One Lock | Two Keys
|
50
|
+
-------------------
|
32
51
|
|
33
52
|
With suitcases, the key that locks the suitcase also opens it.
|
34
53
|
|
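Review bot: the added description and the `opensecret init` list call the 8192 bit private key "uncrackable" and the fingerprint lock "tamper proof" without naming the algorithm or explaining how the human and machine passwords are combined into the 64 character password, so a reader cannot check either claim. State what is actually used and drop the absolute wording. Separately, the added lines use RDoc markup (`+Git+`, `<tt>keydir</tt>`) in a file named README.md, where it will render literally; use backticks instead. The recap also says setup takes "just 5 commands" while the Configure It block lists five settings plus `opensecret init`.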
@@ -36,10 +55,10 @@ In cryptography - you have two keys. You give out your public key and anyone can
|
|
36
55
|
|
37
56
|
The safest place to put your private key is on a USB key drive which you carry around with your real keys. And to top it all - a password that only you know is used to lock your private key.
|
38
57
|
|
39
|
-
|
40
|
-
|
58
|
+
For scripts that cannot stop and wait for user input - keys can optionally be created with a password given at the command line.
|
59
|
+
|
60
|
+
$ opensecret init --password="p455w0rd.!0NDUN"
|
41
61
|
|
42
|
-
The create keys command will ask you for a secure password - enter that and you are ready to start locking, unlocking, asking for - and best of all - telling - lots of juicy secrets. Some secrets are so juicy, they just have to burst.
|
43
62
|
|
44
63
|
opensecret configuration
|
45
64
|
------------------------
|
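Review bot: the added example `opensecret init --password="p455w0rd.!0NDUN"` puts the private-key password on the command line, where it is written to shell history and is visible in the process list to other local users while the command runs. For the non-interactive case, consider accepting the password from stdin, from a file with restricted permissions, or from an environment variable, and document that next to this example rather than showing a literal password argument.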
@@ -94,9 +113,15 @@ It is much more secure to beg for a secret than just have someone reveal it. Whe
|
|
94
113
|
|
95
114
|
Any hijacker will need access to a great many things and be very precise with their timing in order to serrupticiously subvert the system.
|
96
115
|
|
97
|
-
### Usage
|
98
116
|
|
99
|
-
|
117
|
+
|
118
|
+
### opensecret | Summary
|
119
|
+
|
120
|
+
You can use opensecret alone or you can use it to share secrets with colleagues, friends and family, even machines.
|
121
|
+
|
122
|
+
Every domain is tied to backend storage which is accessible by you and others in your domain. You can use Git, S3, a networked filesystem or shared drive, a SSH accessible filesystem and soon, free storage from +opensecret.io+
|
123
|
+
|
124
|
+
|
100
125
|
|
101
126
|
### Development
|
102
127
|
|
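Review bot: the `### Usage` heading is removed here and the Summary added in its place contains no commands; if locking and unlocking are not documented elsewhere in the README, keep a Usage section with those commands. The added Summary line lists Git, S3, a networked filesystem, a shared drive and an SSH accessible filesystem as backends, while the recap added earlier in this file describes `store` as "a Git project URL"; make the two agree. The unchanged line above also carries the typo "serrupticiously" (surreptitiously), worth fixing while this section is being edited.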
data/Rakefile
CHANGED
@@ -1,6 +1,12 @@
|
|
1
1
|
require "bundler/gem_tasks"
|
2
2
|
require "rake/testtask"
|
3
|
+
require 'yard'
|
3
4
|
|
5
|
+
# -
|
6
|
+
# - This configuration allows us to run "rake test"
|
7
|
+
# - and invoke minitest to execute all files in the
|
8
|
+
# - test directory with names ending in "_test.rb".
|
9
|
+
# -
|
4
10
|
Rake::TestTask.new(:test) do |t|
|
5
11
|
t.libs << "test"
|
6
12
|
t.libs << "lib"
|
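Review bot: `require 'yard'` is added unconditionally at the top of the Rakefile, so every rake task, including `rake test`, fails with a LoadError on a machine where yard is not installed, and the metadata changes shown for this release (version, date, rubygems_version) add no yard dependency. Declare yard as a development dependency in the gemspec, or guard the require and the Yardoc task with a rescue of LoadError. Minor: the new require uses single quotes while the two existing requires use double quotes.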
@@ -8,3 +14,12 @@ Rake::TestTask.new(:test) do |t|
|
|
8
14
|
end
|
9
15
|
|
10
16
|
task :default => :test
|
17
|
+
|
18
|
+
# -
|
19
|
+
# - This configuration allows us to run "rake yard"
|
20
|
+
# - to build documentation.
|
21
|
+
# -
|
22
|
+
YARD::Rake::YardocTask.new do |t|
|
23
|
+
t.files = ['lib/**/*.rb']
|
24
|
+
t.stats_options = ['--list-undoc']
|
25
|
+
end
|
data/lib/opensecret.rb
CHANGED
data/lib/opensecret/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: opensecret
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Apollo Akora
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-02-
|
11
|
+
date: 2018-02-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: inifile
|
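Review bot: `cert_chain: []` in this hunk shows the 0.0.7 gem is published unsigned, which for a gem whose purpose is locking and unlocking secrets leaves consumers with only the registry checksums to verify what they install. Consider signing releases by setting `cert_chain` and `signing_key` in the gemspec so users can install under a RubyGems trust policy.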
@@ -159,7 +159,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
159
159
|
version: '0'
|
160
160
|
requirements: []
|
161
161
|
rubyforge_project:
|
162
|
-
rubygems_version: 2.5.
|
162
|
+
rubygems_version: 2.5.1
|
163
163
|
signing_key:
|
164
164
|
specification_version: 4
|
165
165
|
summary: opensecret locks and unlocks secrets in a simple, secure and intuitive way.
|