1 unstable release
Uses old Rust 2015
0.1.0 | Jun 16, 2017 |
---|
#14 in #secret-store
30KB
600 lines
Morocco
Store your secrets securely in the cloud.
Morocco is a command-line secrets store supporting AWS (implemented) and Google Cloud Platform (coming soon).
How to install
Download the latest binary from the releases page. There are binaries for Mac and Linux.
(Optional) put the binary somewhere on your $PATH
.
How to use
Initial setup
Before you can start storing secrets, you will need to run morocco aws setup
.
This will create a DynamoDB table and a KMS (Key Management Service) customer master key.
$ morocco aws setup
Set up complete. Created Dynamo table. Created customer master key.
Storing a secret
Use the "put" command to store a secret:
$ morocco aws put db.password so-very-secret
Stored secret.
Here db.password
is an identifier for the secret, and so-very-secret
is the value you want to store securely.
If a secret with that ID already exists and you want to update it, use the --overwrite
option:
$ morocco aws put --overwrite db.password new-value
Stored secret.
Getting a secret
$ morocco aws get db.password
new-value
Listing secrets
$ morocco aws list
db.password
other.secret
Deleting a secret
$ morocco aws delete db.password
Deleted secret.
Encryption
Secrets are encrypted using AES-256 in CBC (Cipher Block Chaining) mode with PKCS padding. IVs are secure random bytes.
Mole
Morocco Mole is the sidekick of Secret Squirrel, who knows a thing or two about security.
Acknowledgements
Morocco was inspired by credstash.
Dependencies
~21–31MB
~565K SLoC