Keep your secrets secret. A tool to manage secrets in your public and private repositories.
THIS PROJECT IS STILL UNDER DEVELOPMENT - DO NOT USE IT FOR PRODUCTION USE
Feature | Done |
---|---|
microvault create | ✔️ |
microvault get | ✔️ |
microvault set | ✔️ |
microvault generate | ✔️ |
microvault list | ✔️ |
microvault publish | ❌ |
microvault open | ❌ |
microvault close | ❌ |
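# TO BE DEFINED
# Piping a script fetched from a mutable branch straight into sh runs it unreviewed;
# once an installer is published, download it first, inspect it, and pin the URL to a release tag or commit.
# curl https://raw.githubusercontent.com/kpalatzky/microvault/master/src/main/resources/scripts/install.sh | sh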
# Create a new vault, protected by the given password, at the given location.
# NOTE(review): a password passed as --password=... is recorded in shell history and
# is visible in the process list while miva runs; "password" here is only a placeholder.
miva --password=password --file=./micro.vault create
# Open a session so the vault can be edited over several commands without repeating
# the password. The command substitution runs miva's output as a shell command in
# order to set an environment variable.
# NOTE(review): the shell does not treat a bare NAME=value that results from an
# expansion as an assignment (it is looked up as a command name), so the emitted
# line would have to start with `export`, as in the publish example further down.
# Confirm once `open` is implemented.
# NOTE(review): MICRO_VAULT_SESSION is inherited by every child process of this
# shell; what <SESSION_DATA> contains is not shown here.
$(miva --password=password --file=./micro.vault open -e) # MICRO_VAULT_SESSION=<SESSION_DATA>
# Add data to the vault.
miva set db.user Admin
# generate: presumably creates a random value for the key (generator parameters
# are not shown here).
miva generate db.password
miva set docker.user MicroVault
# The address in the next line was replaced by the hosting page's e-mail obfuscation.
miva set docker.email [email protected]
# A secret given as an argument ends up in shell history, like --password above.
miva set docker.password MicroVault123
# Get data from the vault. The value is presumably written to stdout, so it can
# end up in terminal scrollback or CI logs.
miva get docker.password
# List the content of the vault.
miva list
# Publish all data as environment variables.
# The unquoted substitution is word-split and glob-expanded before `export` sees it,
# so a value containing whitespace or glob characters would not survive intact, and
# quote characters in the output are taken literally.
# Exported secrets are inherited by every process started from this shell.
$(miva publish environment) # export DOCKER_PASSWORD=<docker.password>
# Close the vault again. The bare NAME=value caveat from `open` applies here too.
$(miva close) # MICRO_VAULT_SESSION=
# Keep the common options in a variable and use it as the command prefix.
# $MIVA is left unquoted on purpose: the shell has to split it into separate words.
# That only works while no option value contains whitespace, and the password stays
# in a plain shell variable for as long as the shell session lives.
MIVA="miva --password=password --file=./micro.vault"
$MIVA get docker.password
# publish kubernetes: the output format is not shown here; name=my-secrets is
# passed as a parameter.
$MIVA publish kubernetes --parameter name=my-secrets
# Open the vault in interactive mode. The lines starting with ">" below are
# presumably typed at miva's own prompt, not in the shell.
# NOTE(review): the flag is spelled `--interative` on this page; confirm against
# the CLI whether `--interactive` is intended.
$MIVA open --interative
> get docker.password
> set docker.password Docker123
> exit
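Mode | Encryption | Key Length | Public writable | Public readable |
---|---|---|---|---|
symmetric | AES/GCM/NoPadding | 256 | ❌ | ❌ |
asymmetric | RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING | 4096 | ✔️ | ❌ |
plain | - | - | ✔️ | ✔️ |

`ECB` in the RSA transformation name is part of the JCA naming scheme for RSA ciphers; no block-cipher ECB mode is involved. In `plain` mode no encryption is applied, so values are readable and writable by anyone with access to the file.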
{
"version": "1",
"encryption": {
"mode": "asymmetric", // asymmetric | symmetric | plain
"salt": "<SALT_ENCODED>",
"readKey": "<READ_KEY_ENCRYPTED>", // for asymmetric decryption
"writeKey": "<WRITE_KEY_ENCRYPTED>", // for asymmetric encryption
"key": "<READ_WRITE_KEY_ENCRYPTED>" // for symmetric decryption/encryption (single read/write key)
},
"data": {
"<KEY>": "<ENCRYPTED_VALUE>"
}
}
# Build a native executable; container-build=true runs the native compilation
# inside a container instead of requiring a local native toolchain.
# Both builds switch off the Quarkus banner and console logging, presumably so the
# CLI prints only command output. TODO confirm how errors are reported with console
# logging disabled.
./gradlew build -Dquarkus.package.type=native -Dquarkus.native.container-build=true -Dquarkus.banner.enabled=false -Dquarkus.log.console.enable=false
# Build a single self-contained uber-jar instead of a native executable.
./gradlew build -Dquarkus.package.type=uber-jar -Dquarkus.banner.enabled=false -Dquarkus.log.console.enable=false