🌰 ssh-vault


What is ssh-vault?

A command line tool (CLI) for creating encrypted files (“vaults”), using SSH RSA keys to encrypt and decrypt them.

A vault password is encrypted using the public SSH key of the receiver, and the main data of the vault is encrypted using AES256. To see/decrypt the vault contents, the receiver needs their private key (and password, if needed) to view or edit the contents.

You can learn more about generating an SSH key here: https://help.github.com/articles/generating-an-ssh-key/
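The scheme described above (a secret wrapped with the receiver's RSA public key, with the data itself under AES256), shown with Go's standard library as an added example; it is not ssh-vault's code or file format. RSA-OAEP with SHA-256, AES-GCM, a random 32-byte key in place of the vault password, and the names `Seal`, `Open`, `newGCM` and `demoKey` are assumptions made for illustration, and the key pair is generated in place rather than read from an SSH key file.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newGCM builds AES-GCM over the vault key (32 bytes here, so AES-256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal returns a fresh key wrapped to pub with RSA-OAEP, and nonce||ciphertext||tag.
func Seal(pub *rsa.PublicKey, plaintext []byte) (wrapped, data []byte, err error) {
	secret := make([]byte, 44) // 32-byte AES-256 key, then 12-byte GCM nonce
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(secret[:32])
	if err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret[:32], nil)
	return wrapped, gcm.Seal(secret[32:], secret[32:], plaintext, nil), err
}
// Open unwraps the key with the private key, then authenticates and decrypts data.
func Open(priv *rsa.PrivateKey, wrapped, data []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil || len(data) < 12 {
		return nil, fmt.Errorf("malformed vault")
	}
	return gcm.Open(nil, data[:12], data[12:], nil) // fails if data was modified
}
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed receiver key pair
func main() {
	wrapped, data, _ := Seal(&demoKey.PublicKey, []byte("db-password"))
	out, err := Open(demoKey, wrapped, data)
	fmt.Println(string(out), err)
}
```

Only the holder of the private key can recover the wrapped key, and any change to the wrapped key or to the encrypted data makes `Open` return an error instead of plaintext.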

Why?

Because of the need to share sensitive data without the need to share a password.

When working with multiple teams, either for testing or for deploying something, at some point there is always the need to share a database password, HTTP auth credentials, tokens, etc. The most common way of doing this is by just sending the “secret” in plain text within any chat.

In many cases the use of PGP is required, but it takes time to exchange public keys, and certain knowledge and understanding is required in order to properly exchange the “secret”.

This is where ssh-vault comes into action: it follows the same principle as PGP but simplifies the exchange process, and therefore helps to exchange “secrets” quickly and securely.

The exchange of the public keys is done through, or taken for granted from, the existing version control system used by the team; ssh-vault defaults to GitHub.

Basically, ssh-vault delegates the pre-sharing phase of the keys to the version control system. In the end, if user A wants to send something to user B and both use GitHub, for example, it is straightforward to send a secure “secret” without a prior handshake:

echo "secret" | ssh-vault -u alice create
