{"id":13746707,"url":"https://github.com/miquella/vaulted","last_synced_at":"2025-10-21T04:51:07.632Z","repository":{"id":28676004,"uuid":"32195795","full_name":"miquella/vaulted","owner":"miquella","description":"Spawning and storage of secure environments","archived":false,"fork":false,"pushed_at":"2024-03-20T02:15:44.000Z","size":622,"stargazers_count":255,"open_issues_count":34,"forks_count":30,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-09-14T03:56:43.947Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/miquella.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-14T04:26:09.000Z","updated_at":"2025-08-21T21:54:40.000Z","dependencies_parsed_at":"2024-01-13T01:39:46.359Z","dependency_job_id":"733700b2-89ed-47cc-8e6c-f19a74ddeedc","html_url":"https://github.com/miquella/vaulted","commit_stats":{"total_commits":261,"total_committers":13,"mean_commits":"20.076923076923077","dds":"0.34099616858237547","last_synced_commit":"389cd83d3f7e1b88805a4255ad08957b280e1a6a"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/miquella/vaulted","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/miquella%2Fvaulted","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/miquella%2Fvaulted/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/miquella%2Fvaulted/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/miquella%2Fvaulted/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/miquella","download_url":"https://codeload.github.com/miquella/vaulted/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/miquella%2Fvaulted/sbom","scorecard":{"id":648978,"data":{"date":"2025-08-11","repo":{"name":"github.com/miquella/vaulted","commit":"389cd83d3f7e1b88805a4255ad08957b280e1a6a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":8,"reason":"Found 22/26 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"16 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0391 / GHSA-6jvc-q2x7-pchv / GHSA-76wf-9vgp-pj7w","Warn: Project is vulnerable to: GO-2022-0635 / GHSA-7f33-f4f5-xwgw","Warn: Project is vulnerable to: GO-2022-0646 / GHSA-f5pg-7wfw-84q9","Warn: Project is vulnerable to: GO-2024-2947 / GHSA-v6v8-xj6m-xwqh","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2024-2631 / GHSA-c5q2-7r4c-mv6g"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T12:56:18.767Z","repository_id":28676004,"created_at":"2025-08-21T12:56:18.768Z","updated_at":"2025-08-21T12:56:18.768Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280207180,"owners_count":26290616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T06:00:59.222Z","updated_at":"2025-10-21T04:51:07.597Z","avatar_url":"https://github.com/miquella.png","language":"Go","funding_links":[],"categories":["Go","Uncategorized"],"sub_categories":["Uncategorized"],"readme":"vaulted\n=======\n\nSpawn environments from securely stored secrets.\n\nWith so many secrets floating around in our modern lives, it's a wonder we're\nable to keep track of any of them!\n\n`vaulted` allows you to create vaults of related secrets and then spawn\nsessions with these secrets. Vaults can contain secure environment\nvariables, AWS credentials, or SSH keys (RSA, DSA, \u0026 ECDSA).\n\n`vaulted` also attempts to insulate spawned environments from other\nenvironments on the system. Temporary AWS credentials are created for each\nsession as well as a new SSH agent. The SSH agent still allows access keys in\nthe parent environment's SSH agent, but any keys added inside the spawned\nenvironment are only available in the that environment.\n\nInstallation\n------------\n\n### macOS\n\nThe easiest way to install `vaulted` on macOS is through\n[Homebrew](http://brew.sh/).\n\n```sh\nbrew install vaulted\n```\n\n### Linux\n\nIf you already have [Linux Brew](http://linuxbrew.sh/) installed\n\n```sh\nbrew install vaulted\n```\n\nIf you do not use Linux Brew, you will need to [build vaulted manually](#manual).\n\n### Manual\n\nInstallation on other platforms should be simple enough through `go install` as\nlong as you have a proper Go environment setup:\n\n```sh\ngo install github.com/miquella/vaulted@latest\n```\n\nDon't forget to add `$GOPATH/bin` to your `$PATH`! You must be running go version\n1.12 or greater.\n\nGetting Started\n---------------\n\n`vaulted` is oriented around vaults of secrets that are used to spawn\nenvironments. To get started, add a new vault:\n\n```sh\nvaulted add my-vault\n```\n\nThis will start an interactive editing mode that will help you create your\nfirst vault. AWS keys, SSH keys, and arbitrary environment variables can be\nadded to the vault. Once you have your vault arranged how you would like, use\n`q` to exit the interactive mode and save the vault to disk.\n\nWhile editing a vault, `Ctrl+C` may be used to discard changes to the\nvault.\n\nNow that your vault has been saved, the list of vaults will reflect your newly\nsaved vault:\n\n```sh\nvaulted ls\n```\n\nAnd you can use `vaulted` to spawn a command in an environment generated from\nthe secrets stored in the vault:\n\n```sh\nvaulted -n my-vault -- aws s3 ls\n```\n\nSometimes it is useful to be able to issue multiple commands that require the\nvault's secrets. In this case, you can spawn an interactive shell:\n\n```sh\nvaulted shell my-vault\n```\n\n_**Warning!** Leaving interactive shells with your credentials loaded can be\ndangerous as you may inadvertently provide credentials to an application you\ndidn't intend!_\n\nFile Locations\n--------------\n\nVaults and cached sessions are stored according to the [XDG Base Directory Specification][xdg].\n\n**Vault** files are stored in:\n\n* `$XDG_DATA_HOME/vaulted/` _(typically `~/.local/share/vaulted/`)_\n* `$XDG_DATA_DIRS/vaulted/` _(typically `/usr/local/share` and `/usr/share`)_\n\nVault files are written to `$XDG_DATA_HOME/vaulted/`. To backup your Vaulted data, all files in\nthis directory should be backed up. Session cache files do not need to be retained.\n\n**Session** cache files are stored in:\n\n* `$XDG_CACHE_HOME/vaulted/` _(typically `~/.cache/vaulted/`)_\n\n[xdg]: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html\n\nUsing Vaulted from other software\n---------------------------------\n\nAn `env` subcommand has been included with the intention of supplying machine\nreadable output for integration with shells and shell utilities. Every effort\nhas been made to supply meaningful return codes on failures along with a\ndescription of what has gone wrong. See `vaulted(1)` for details on the return\nvalues to expect and their meanings.\n\nGoing Further\n-------------\n\nWhile `vaulted` supports basic modification methods like copying, editing, and\nremoving, more advanced methods such as JSON-formatted dumping and loading are\nalso available. An environment can even be loaded into a running shell! See\n`vaulted --help` for available commands.\n\nSpawned Environment\n-------------------\n\nIn addition to including secrets stored in the vault, spawned environments also\ninclude environment variables that describe how the session and environment\nwere spawned. See `vaulted-env(1)` and `vaulted-shell(1)` for details.\n\nGUI Password Prompts\n--------------------\n\nGUI-based password prompts can be used by setting the `VAULTED_ASKPASS`\nvariable. See [`vaulted(1)`](doc/vaulted.1.md) for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmiquella%2Fvaulted","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmiquella%2Fvaulted","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmiquella%2Fvaulted/lists"}