#secret #yaml #encryption #gpg #public-key #server #file

nightly app culper

A tool to embed encrypted secrets in yaml files

15 releases

Uses old Rust 2015

0.3.2 Dec 15, 2018
0.3.2-alpha.1 Dec 14, 2018
0.3.1-alpha.1 Nov 23, 2018
0.2.2-alpha.4 Nov 21, 2018
0.1.0 Sep 27, 2018

#2566 in Cryptography

GPL-3.0-or-later

48KB
1.5K SLoC

culper


culper makes your secrets versionable. It stores and reads gpg-encrypted secrets in your yaml file. This allows you to safely check your yaml files into version control and distribute deployment files between developers without exposing the secrets.

Idea

The idea behind culper stems from a very specific use case: I want to store my docker-compose files in some kind of version control without exposing the secrets in them. To achieve this, the server part of culper generates a pair of gpg keys and makes its public key accessible via HTTP. The client part then uses the public key to encrypt the secret and store it in your yaml file.

During the deployment phase, culper uses gpg to decrypt the values so that you can start your application.

Culper comes with the following advantages:

  • Passwordless en- & decryption of secrets
  • Stateless deployment of your services (everything is in your yaml)
  • Coming Soon: Need secrets for multiple endpoints? Easy, just declare them as recipients

Todo

  • Improve & document setup flow
  • Build Dockerfile for server
  • Security audit (e.g. fix passing request signature directly to cmd!)
  • More tests!
  • Add commands for adding and removing users
  • Improve README
  • Logo

Dependencies

~32–43MB
~756K SLoC