What is ssh-vault?
A command line tool (CLI) for creating encrypted files (“vaults”), using SSH RSA keys to encrypt and decrypt them.
A vault password is encrypted with the public SSH key of the receiver, and the main data of the vault is encrypted with AES256. To see/decrypt the vault contents, the receiver needs to use his private key, and a password where one is needed, to view or edit the contents.
You can learn more about generating an SSH key here: https://help.github.com/articles/generating-an-ssh-key/
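The scheme described above (a random vault password encrypted to the receiver's RSA key, the data encrypted with AES-256 under that password), as an added example built from stock ssh-keygen and openssl; it is not ssh-vault's code or its vault file format. The function names, the users "bob" and "eve", OAEP padding and the AES-256-CBC/PBKDF2 settings are assumptions made for this sketch, and openssl enc adds no integrity check.

```shell
#!/bin/sh
# Added illustration of the hybrid scheme; this is NOT ssh-vault's vault format.
# Assumptions: OAEP padding and AES-256-CBC with PBKDF2 are choices made here.

# seal <receiver_ssh_pubkey> <plaintext_file> <out_dir>
seal() {
    # Convert the OpenSSH public key to a PEM key that openssl can read.
    ssh-keygen -e -m PKCS8 -f "$1" > "$3/pub.pem" &&
    # One-time random vault password, used for this message only.
    openssl rand -hex 32 > "$3/pw" &&
    # Bulk data is encrypted with AES-256 keyed from that password.
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3/pw" \
        -in "$2" -out "$3/data.enc" &&
    # Only the small password is RSA-encrypted to the receiver.
    openssl pkeyutl -encrypt -pubin -inkey "$3/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$3/pw" -out "$3/pw.enc" &&
    rm -f "$3/pw"
}

# unseal <receiver_ssh_privkey> <dir>; plaintext goes to stdout
unseal() {
    u_rc=1
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2/pw.enc" -out "$2/pw.dec" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2/pw.dec" \
        -in "$2/data.enc" && u_rc=0
    rm -f "$2/pw.dec"
    return "$u_rc"
}

# demo <secret> <reader>: seal to constructed user "bob", open as <reader>
demo() {
    d=$(mktemp -d) || return 1
    d_rc=1
    # Constructed throwaway keys; never reuse them outside this demo.
    ssh-keygen -q -t rsa -b 2048 -m PEM -N '' -f "$d/bob" &&
    ssh-keygen -q -t rsa -b 2048 -m PEM -N '' -f "$d/eve" &&
    printf '%s' "$1" > "$d/msg" &&
    seal "$d/bob.pub" "$d/msg" "$d" &&
    unseal "$d/$2" "$d" && d_rc=0
    rm -rf "$d"
    return "$d_rc"
}
```

Running `demo 'some secret' bob` prints the secret back, while `demo 'some secret' eve` fails because only the holder of bob's private key can recover the vault password.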
ssh-vault exists because of the need to share sensitive data without the need to share a password.
When working with multiple teams, either for testing or for deploying something, at some point there is always the need to share a database password, HTTP auth credentials, tokens, etc. The most common way of doing this is by just sending the “secret” in plain text in a chat.
In many cases the use of PGP is required, but it takes time to exchange public keys, and certain knowledge and understanding is required in order to properly exchange the “secret”.
This is where ssh-vault comes into action: it follows the same principle as PGP but simplifies the exchange process, and therefore helps to exchange “secrets” fast and in a secure way.
The exchange of the public keys is done through, or taken for granted from, the existing version control system used in the team; by default, ssh-vault uses GitHub.
Basically, ssh-vault delegates the pre-sharing phase of the keys to the version control system. In the end, if user A wants to send something to user B and both use GitHub, for example, it is straightforward to just send a secure “secret” without the need for a prior handshake:
echo "secret" | ssh-vault -u alice create