ward is a bunch of bash scripts that will keep your secret files safe but also as accessible as you'd like. i designed it to be used dangerously within git. consider it a digital safe for your sensitive files. it encrypts your stuff, keeps it integrity-checked, is written in bash and is pretty straightforward:
- encrypts your files using gpg
- lets you check if someone's messed with your encrypted stuff
- generates totp codes if you're storing those sorts of secrets and need to recover accounts
make sure you've got these installed:
- gpg
- oath-toolkit (for totp)
- bc (basic math, comes with most systems)
- install the essentials:
# ubuntu/debian
sudo apt-get install gnupg oath-toolkit bc
# osx/homebrew
brew install gnupg oath-toolkit
- clone the repository
git clone https://github.com/oeo/ward.git
cd ward
- decrypt the example vault.tar.gz.gpg
yarn decrypt # or ./bin/decrypt.sh
the default vault decryption password is letmein.
mkdir vault
echo 123 > vault/123.txt
yarn encrypt # or ./bin/encrypt.sh
here are the yarn commands you'll be using:
- yarn encrypt: encrypt your vault directory
- yarn decrypt: decrypt your encrypted vault file
- yarn verify: verify the checksum of your vault
- yarn totp <totp_secret>: generate a totp code using a secret
- yarn test: run unit tests
- throw whatever you want to encrypt into a folder called vault
- run yarn encrypt
- type in a passphrase
- boom, you've got yourself an encrypted vault.tar.gz.gpg

- make sure vault.tar.gz.gpg is where it should be
- run yarn decrypt
- enter your passphrase
- your files will pop back into the vault folder
run yarn verify to ensure the archive hasn't been tampered with
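a sketch of the kind of check yarn verify describes, added here as an example and not ward's own code: it records a sha-256 digest beside the archive and compares it again later. the .sha256 sidecar name, the function names and the stand-in archive contents are assumptions.

```bash
#!/usr/bin/env bash
# added example, not ward's own code. the "<archive>.sha256" sidecar name
# and these function names are hypothetical.

# print the sha-256 hex digest of a file with whichever tool is installed
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # macos ships shasum
  fi
}

# record the digest next to the archive; returns 2 if the archive is missing
write_checksum() {
  [ -f "$1" ] || return 2
  sha256_of "$1" > "$1.sha256"
}

# 0 = archive matches recorded digest, 1 = mismatch, 2 = a file is missing
verify_checksum() {
  if [ ! -f "$1" ] || [ ! -f "$1.sha256" ]; then
    return 2
  fi
  expected="$(cat "$1.sha256")"
  actual="$(sha256_of "$1")"
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# round trip on a constructed stand-in file (not real gpg output)
tamper_demo() {
  dir="$(mktemp -d)" || return 2
  archive="$dir/vault.tar.gz.gpg"
  printf 'constructed stand-in bytes\n' > "$archive"
  write_checksum "$archive"
  if verify_checksum "$archive"; then before=ok; else before=changed; fi
  printf 'x' >> "$archive"   # the file changes after the digest was recorded
  if verify_checksum "$archive"; then after=ok; else after=changed; fi
  rm -rf "$dir"
  echo "$before $after"
}

tamper_demo
```

a digest kept beside the archive catches corruption and stray edits; anyone able to rewrite both files can rewrite the digest too, so keep a trusted copy of it elsewhere if that matters to you.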
yarn totp <totp_secret>
yarn test
- the vault folder doesn't self-destruct after encryption, clean up if you're paranoid
- although it is included in the .gitignore, of course
if you're feeling lazy and a bit risky you can set WARD_PASSPHRASE in your environment.
mit



