GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sorah → Envchain

sorah / Envchain

Licence: mit
Environment variables meet macOS Keychain and gnome-keyring <3

Programming Languages

c
50402 projects - #5 most used programming language

Labels

securitykeychainsecretcredentials

Projects that are alternatives of or similar to Envchain

vault-token-helper
@hashicorp Vault Token Helper for macOS, Linux and Windows with support for secure token storage and multiple Vault servers 🔐
Stars: ✭ 74 (-91.55%)
Mutual labels:  credentials, keychain
ghost
A simple, server/less, single-api, multi-backend, ghostly secret-store/key-store for your passwords, ssh-keys and cloud credentials. Ghost isn't real, it's just in your head.
Stars: ✭ 36 (-95.89%)
Mutual labels:  credentials, secret
Aws Vault
A vault for securely storing and accessing AWS credentials in development environments
Stars: ✭ 5,626 (+542.24%)
Mutual labels:  keychain, credentials
driftwood
Private key usage verification
Stars: ✭ 262 (-70.09%)
Mutual labels:  credentials, secret
Spraykatz
Credentials gathering tool automating remote procdump and parse of lsass process.
Stars: ✭ 578 (-34.02%)
Mutual labels:  credentials
Securepropertystorage
Helps you define secure storages for your properties using Swift property wrappers.
Stars: ✭ 379 (-56.74%)
Mutual labels:  keychain
Simplekeychain
A Keychain helper for iOS to make it very simple to store/obtain values from iOS Keychain
Stars: ✭ 360 (-58.9%)
Mutual labels:  keychain
Scavenger
Crawler (Bot) searching for credential leaks on different paste sites.
Stars: ✭ 347 (-60.39%)
Mutual labels:  credentials
Wavevote
Voting system based on Ethereum
Stars: ✭ 22 (-97.49%)
Mutual labels:  secret
Keychaincracker
macOS keychain cracking tool
Stars: ✭ 693 (-20.89%)
Mutual labels:  keychain
Prephirences
Prephirences is a Swift library that provides useful protocols and convenience methods to manage application preferences, configurations and app-state. UserDefaults
Stars: ✭ 548 (-37.44%)
Mutual labels:  keychain
Upash
🔒Unified API for password hashing algorithms
Stars: ✭ 484 (-44.75%)
Mutual labels:  credentials
Ellipticcurvekeypair
Sign, verify, encrypt and decrypt using the Secure Enclave
Stars: ✭ 589 (-32.76%)
Mutual labels:  keychain
Valet
Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
Stars: ✭ 3,712 (+323.74%)
Mutual labels:  keychain
Gg Shield
Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (-19.18%)
Mutual labels:  secret
Go Keyring
Cross-platform keyring interface for Go
Stars: ✭ 351 (-59.93%)
Mutual labels:  secret
Trufflehog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Stars: ✭ 6,225 (+610.62%)
Mutual labels:  secret
Kubesec
Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
Stars: ✭ 547 (-37.56%)
Mutual labels:  secret
Mxtract
mXtract - Memory Extractor & Analyzer
Stars: ✭ 499 (-43.04%)
Mutual labels:  credentials
Ios
Most usable tools for iOS penetration testing
Stars: ✭ 563 (-35.73%)
Mutual labels:  keychain
View All Similar Projects ➔

envchain - set environment variables with macOS keychain or D-Bus secret service

What?

Secrets for common computing environments, such as AWS_SECRET_ACCESS_KEY, are set with environment variables.

A common practice is to set them in shell's intialization files such as .bashrc and .zshrc.

Putting these secrets on disk in this way is a grave risk.

envchain allows you to secure credential environment variables to your secure vault, and set to environment variables only when you called explicitly.

Currently, envchain supports macOS keychain and D-Bus secret service (gnome-keyring) as a vault.

Don't give any credentials implicitly!

Requirement (macOS)

  • macOS
    • Confirmed to work on OS X 10.11 (El Capitan), macOS 10.12 (Sierra).
    • OS X 10.7 (Lion) or later is required, but not confirmed

Requirement (Linux)

  • readline
  • libsecret
  • D-Bus Secret Service
    • GNOME keyring is a common (and only?) implementation for it

Installation

From Source

$ make

$ sudo make install
(or)
$ cp ./envchain ~/bin/

Homebrew (OS X)

brew install envchain

Usage

Saving variables

Environment variables are set within a specified namespace. You can set variables in a single command:

envchain --set NAMESPACE ENV [ENV ..]

You will be prompted to enter the values for each variable. For example, we can set two variables... AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY here, within a namespace called aws:

$ envchain --set aws AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
aws.AWS_ACCESS_KEY_ID: my-access-key
aws.AWS_SECRET_ACCESS_KEY: secret

Here we define a single new variable within a different namespace:

$ envchain --set hubot HUBOT_HIPCHAT_PASSWORD
hubot.HUBOT_HIPCHAT_PASSWORD: xxxx

These will all appear as application passwords with envchain-NAMESPACE in the data store (Keychain in macOS, gnome-keyring in common Linux distros).

Execute commands with defined variables

$ env | grep AWS_ || echo "No AWS_ env vars"
No AWS_ env vars
$ envchain aws env | grep AWS_
AWS_ACCESS_KEY_ID=my-access-key
AWS_SECRET_ACCESS_KEY=secret
$ envchain aws s3cmd blah blah blah
⋮

$ envchain hubot env | grep AWS_ || echo "No AWS_ env vars for hubot"
No AWS_ env vars for hubot
$ envchain hubot env | grep HUBOT_
HUBOT_HIPCHAT_PASSWORD: xxxx

You may specify multiple namespaces at once, with separating by commas:

$ envchain aws,hubot env | grep 'AWS_\|HUBOT_'
AWS_ACCESS_KEY_ID=my-access-key
AWS_SECRET_ACCESS_KEY=secret
HUBOT_HIPCHAT_PASSWORD: xxxx

More options

--list

List namespaces that have been created

$ envchain --list
aws
hubot

--noecho

Do not echo user input

$ envchain --set --noecho foo BAR
foo.BAR (noecho):

--require-passphrase

Always ask for keychain passphrase

$ envchain --set --require-passphrase name

--no-require-passphrase

Do not ask for keychain passphrase

$ envchain --set --no-require-passphrase name

Screenshot

OS X Keychain

Seahorse (gnome-keyring)

Author

License

MIT License

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].