Keep your secrets secret. Tool to manage secrets in your public and private repositories. 🔐 🔥

kpalatzky/microvault


GitHub version MIT License Dependabot active


Keep your secrets secret. Tool to manage secrets in your public and private repositories.
THIS PROJECT IS STILL UNDER DEVELOPMENT - DO NOT USE IT FOR PRODUCTION USE

State of development

Feature Done
microvault create ✔️
microvault get ✔️
microvault set ✔️
microvault generate ✔️
microvault list ✔️
microvault publish
microvault open
microvault close

Get started

Installation

# TO BE DEFINED
# curl https://raw.githubusercontent.com/kpalatzky/microvault/master/src/main/resources/scripts/install.sh | sh

Usage

# create a new vault with given password at the given location
miva --password=password --file=./micro.vault create

# open a session to continuously edit the vault. The command substitution is required to set an environment variable
$(miva --password=password --file=./micro.vault open -e) # MICRO_VAULT_SESSION=<SESSION_DATA>

# add data to the vault
miva set db.user Admin
miva generate db.password

miva set docker.user MicroVault
miva set docker.email [email protected]
miva set docker.password MicroVault123

# get data from the vault
miva get docker.password

# list content of the vault
miva list

# publish all data as environment variables
$(miva publish environment) # export DOCKER_PASSWORD=<docker.password>

# close the vault again
$(miva close) # MICRO_VAULT_SESSION=

# Use variable as command
MIVA="miva --password=password --file=./micro.vault"
$MIVA get docker.password
$MIVA publish kubernetes --parameter name=my-secrets

# open vault in interactive mode
$MIVA open --interative
> get docker.password
> set docker.password Docker123
> exit

Encryption Modes

Mode Encryption Key Length Public writable Public readable
symmetric AES/GCM/NoPadding 256
asymmetric RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING 4096 ✔️
plain - ✔️ ✔️

Vault file

{
  "version": "1",
  "encryption": {
    "mode": "asymmetric", // asymmetric | symmetric | plain
    "salt": "<SALT_ENCODED>",
    "readKey": "<READ_KEY_ENCRYPTED>", // for asymmetric decryption
    "writeKey": "<WRITE_KEY_ENCRYPTED>", // for asymmetric encryption
    "key": "<READ_WRITE_KEY_ENCRYPTED>" // for symmetric decryption/encryption
  },
  "data": {
    "<KEY>": "<ENCRYPTED_VALUE>"
  }
}
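
An added sketch of what the symmetric row above (AES/GCM/NoPadding, 256-bit key) and the vault file's salt field imply for a single stored value; it is not MicroVault's own code. The PBKDF2 key derivation, iteration count, IV-plus-ciphertext layout and use of the entry name as associated data are assumptions, and the class name is hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class SymmetricModeSketch { // hypothetical name, not a MicroVault class
    static final SecureRandom RNG = new SecureRandom();
    // Assumption: PBKDF2-HMAC-SHA256 over password + salt yields the 256-bit AES key.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    // Assumed layout: base64(12-byte IV || ciphertext || 16-byte GCM tag).
    static String encrypt(SecretKeySpec key, String entry, String value) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh IV per value; reuse under one key breaks GCM
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(entry.getBytes(StandardCharsets.UTF_8)); // bind value to its entry name
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(SecretKeySpec key, String entry, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        c.updateAAD(entry.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        SecretKeySpec key = deriveKey("constructed-passphrase".toCharArray(), salt);
        String stored = encrypt(key, "docker.password", "MicroVault123"); // sample value from Usage
        System.out.println(decrypt(key, "docker.password", stored));
        try { // a ciphertext moved under another entry name must fail authentication
            decrypt(key, "db.password", stored);
        } catch (AEADBadTagException e) {
            System.out.println("rejected: not written for db.password");
        }
    }
}
```

Because GCM authenticates as well as encrypts, an edited or relocated `<ENCRYPTED_VALUE>` in a committed vault file surfaces as a decryption failure rather than as silently altered plaintext.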

Development

Native Build

./gradlew build -Dquarkus.package.type=native -Dquarkus.native.container-build=true -Dquarkus.banner.enabled=false -Dquarkus.log.console.enable=false

UberJar / FatJar

./gradlew build -Dquarkus.package.type=uber-jar -Dquarkus.banner.enabled=false -Dquarkus.log.console.enable=false