Re: git-secret - store your private data inside a repository

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Have you seen the much older pwstore tool?
https://github.com/formorer/pwstore

It does have some notable features missing from git-secret and similar
tools to this day.
- Whitelist of trusted keys to detect addition of unexpected keys.
- Specify what users/groups have access to any given file (via a header
  in each file, which implies that the file must be plaintext).

I've wondered if storing metadata about the objects in notes might
improve matters: 
- a clearsigned block with verifiable readable data (eg who in a team
  can access)
- an encrypted block with the inner key (nice side effect that this
  separates versioning of the wrapped inner key from the versioning of
  the object).

This also a nice property that when you revoke/remove an outer (user)
key, can know implicitly the old secrets they had access to (which
should probably be rotated, as you don't know if they have a copy of
them outside of the system).

Yes, I'm aware of other system's like Hashicorp's Vault, but do
appreciate the simplicity of git-secret, pass [1], pwstore [2] and other
simpler tools.

[1] https://www.passwordstore.org/
[2] https://github.com/formorer/pwstore
    It's at least as old as the Git history indicates, possibly
	older, I don't know if the Git history included a full conversion of
	SVN history.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead, Foundation Trustee
E-Mail     : robbat2@xxxxxxxxxx
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]