{"id":22253443,"url":"https://github.com/42loco42/sillysecrets","last_synced_at":"2025-03-25T12:25:06.730Z","repository":{"id":265939626,"uuid":"896869260","full_name":"42LoCo42/sillysecrets","owner":"42LoCo42","description":"The silliest secret manager! :3","archived":false,"fork":false,"pushed_at":"2025-03-19T12:12:10.000Z","size":105,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-19T13:24:58.960Z","etag":null,"topics":["libsodium","secret-management","secrets","secrets-manager"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/42LoCo42.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-01T14:03:16.000Z","updated_at":"2025-03-19T12:12:00.000Z","dependencies_parsed_at":"2024-12-01T17:35:11.768Z","dependency_job_id":"28e3d1f1-bb43-4c0e-a6d4-7f1825417484","html_url":"https://github.com/42LoCo42/sillysecrets","commit_stats":null,"previous_names":["42loco42/sillysecrets"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42LoCo42%2Fsillysecrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42LoCo42%2Fsillysecrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42LoCo42%2Fsillysecrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/42LoCo42%2Fsillysecrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/owners/42LoCo42","download_url":"https://codeload.github.com/42LoCo42/sillysecrets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245460199,"owners_count":20619022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["libsodium","secret-management","secrets","secrets-manager"],"created_at":"2024-12-03T07:18:25.596Z","updated_at":"2025-03-25T12:25:06.718Z","avatar_url":"https://github.com/42LoCo42.png","language":"Go","readme":"* sillysecrets\nThe silliest secret manager! :3\n\nA tree-oriented secret storage tool,\ninspired by [[https://github.com/FiloSottile/age][age]] and [[https://github.com/getsops/sops][sops]] and using [[https://doc.libsodium.org/][libsodium]] for encryption.\n\nbtw the command is named =sesi= because that sounds more silly :3\n\n** The structure tree\nThis is where you'll declare your secrets,\nspecify recipients and configure their relationships.\n\nUsing YAML, define an arbitrary tree of nodes\nwhose names must match the regex =[a-zA-Z0-9-._]=.\nAll leaf nodes are secrets and can be assigned a value using the [[#edit-e][edit]] subcommand.\n\nEvery node can receive the following special properties:\n- =:key=: A public key; shorthand for adding it to...\n- =:keys=: A list of public keys. Having these makes this node eligible for...\n- =:import=: A list of node names whose secrets to import,\n  i.e. make accessible to this node's set of =:keys= too.\n  If you want the inverse, there's also...\n- =:export=: A list of node names to export this node's secrets to,\n  i.e. 
make them accessible to *that* node's set of =:keys=.\n\nWhile exports are just aliases,\n(node A exports to B → B imports from A),\nimports operate recursively on their targets:\nIf node A imports from B, which itself imports from C or has a child that does so,\nA will effectively import from C too.\n\nThis is a powerful mechanism for building hierarchical secret structures, e.g.\nan admin who has access to a machine\nthat includes various user and service secrets\ngains access to these secrets too (in order to manage them).\n\nHave a look at the [[file:example.yaml][example]] tree!\n\n** Subcommands\nListed in rough order of importance together with their single-letter aliases.\n\n*** edit (e)\nEdit or create a secret.\nIf stdin is a pipe, it will be read into the secret, overwriting it.\nOtherwise, [[https://man.archlinux.org/man/vipe.1][vipe]] will be started \u0026 given the current value of the secret\n(or nothing if it was just created) as input.\n\n*** decrypt (d)\nDecrypt a secret to stdout.\n\n*** check (c)\nEnsure congruency between structure and storage.\nThis compares the recipient set of every storage entry\nwith the expected key set as derived from the structure tree.\nIf there is a mismatch, the entry will be adjusted accordingly.\n\n*** rekey (r)\nRegenerate the internal shared key of some secrets.\n\n*** keygen (k)\nGenerate some secret key files.\nYou can also use basically any file as a key\n(e.g. 
your SSH keys, which will be loaded by default).\nThe actual secret key is derived from the file data using [[https://en.wikipedia.org/wiki/Argon2][Argon2id]].\n\n*** public (p)\nPrint public keys corresponding to some secret key files.\nIf only a single file is given, print only the public key.\nOtherwise, print the public keys together with their respective path,\nseparated by a space.\n\n*** tree (t)\nView the entire tree after validation.\nThis is mostly useful for debugging your import \u0026 export rules.\nAll key sets will be expanded to include their parent's keys, unless the flag -x is given.\nThen, all keys that occur as a =:key= property in a node will be replaced\nby that node's uppercased name, unless the flag -n is given.\n\n*** dump (u)\nDump all accessible secrets into a folder.\nThis exists primarily for the [[https://github.com/42LoCo42/aquaris][Aquaris]] [[https://github.com/42LoCo42/aquaris/blob/main/module/secrets.nix][secrets]] module,\nbut maybe you'll find it useful too?\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F42loco42%2Fsillysecrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F42loco42%2Fsillysecrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F42loco42%2Fsillysecrets/lists"}