GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → alexandre-normand → safekeeper

alexandre-normand / safekeeper

Licence: MIT, MIT licenses found Licenses found MIT LICENSE MIT LICENSE.MD
Command-line tool integrating with go:generate to replace substitute tokens with ENV variables value.

Programming Languages

go
31211 projects - #10 most used programming language

Labels

secret

Projects that are alternatives of or similar to safekeeper

Kubesec
Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)
Stars: ✭ 547 (+768.25%)
Mutual labels:  secret
Ksd
kubernetes secret decoder
Stars: ✭ 59 (-6.35%)
Mutual labels:  secret
Fugacious
OSSSM (awesome). Open source short-term secure messaging
Stars: ✭ 100 (+58.73%)
Mutual labels:  secret
Gg Shield
Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (+1023.81%)
Mutual labels:  secret
Real Time Public Chat
This program show how to create a public chat using javascript
Stars: ✭ 45 (-28.57%)
Mutual labels:  secret
Hidden Secrets Gradle Plugin
🔒 Deeply hide secrets on Android
Stars: ✭ 79 (+25.4%)
Mutual labels:  secret
Stegano
A pure Python steganography module.
Stars: ✭ 324 (+414.29%)
Mutual labels:  secret
Secretlint
Pluggable linting tool to prevent committing credential.
Stars: ✭ 239 (+279.37%)
Mutual labels:  secret
Get Aws Profile Bash
Fetch AWS keys and secrets from ~/.aws/credentials using a simple bash script
Stars: ✭ 49 (-22.22%)
Mutual labels:  secret
Bank Vaults
A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.
Stars: ✭ 1,316 (+1988.89%)
Mutual labels:  secret
Wavevote
Voting system based on Ethereum
Stars: ✭ 22 (-65.08%)
Mutual labels:  secret
Envchain
Environment variables meet macOS Keychain and gnome-keyring <3
Stars: ✭ 876 (+1290.48%)
Mutual labels:  secret
Secretserver
Secret Server PowerShell Module
Stars: ✭ 82 (+30.16%)
Mutual labels:  secret
Trufflehog
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Stars: ✭ 6,225 (+9780.95%)
Mutual labels:  secret
React Native Linkedin
🔗 React-Native LinkedIn, a simple LinkedIn login library for React-Native or Expo with WebView and Modal
Stars: ✭ 180 (+185.71%)
Mutual labels:  secret
Go Keyring
Cross-platform keyring interface for Go
Stars: ✭ 351 (+457.14%)
Mutual labels:  secret
Talisman
By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys.
Stars: ✭ 1,155 (+1733.33%)
Mutual labels:  secret
secret
A tiny secret store to keep your little secrets
Stars: ✭ 52 (-17.46%)
Mutual labels:  secret
Wordpress Android
WordPress for Android
Stars: ✭ 2,601 (+4028.57%)
Mutual labels:  secret
Secret
send a message through a safe, private, and encrypted link that automatically expires to ensure your stuff does not remain online forever.
Stars: ✭ 83 (+31.75%)
Mutual labels:  secret
View All Similar Projects ➔

safekeeper

safekeeper is a command-line tool meant to help maintain your secrets (passwords, client ids/secrets) safe from your source.

It does a single thing and this is replacing all occurences of keys by the value mapped to the corresponding environment variable.

It works with go generate to replace tokens in your source code.

Why You Might Use safekeeper

First, if you have a better solution, don't!

If you can directly use env variables, that might be an easier and simpler solution. Unfortunately, Google App Engine won't allow this. An alternative for GAE might be to use the datastore to keep your secrets but that's sometimes cumbersome.

I use it personally because:

  1. I'm running on the Google App Engine which doesn't allow the use of env variables.
  2. I have many app secrets that would start to be cumbersome to manage via the datastore.
  3. I like a little more formal dev/contribution workflow than having to require contributors to create a file with a set of constants.

Example

Let's have all of our application secrets in one place. Let's put this in a secrets package. We'll need a <yourname>.go.safekeeper file that will serve as the template for the generated go code as well as a matching <yourname>.go file with the go:generate directive.

secrets.go:

package secrets
//go:generate safekeeper --output=appsecrets.go --keys=CLIENT_ID,CLIENT_SECRET $GOFILE

secrets.go.safekeeper:

package secrets

// AppSecrets is the source for all application secrets (client ids/secrets/passwords)
type AppSecrets struct {
    ClientId       string
    ClientSecret   string    
}

// NewAppSecrets returns the AppSecrets with all values set
func NewAppSecrets() *AppSecrets {
    appSecrets := new(AppSecrets)
    appSecrets.ClientId = "ENV_CLIENT_ID"
    appSecrets.ClientSecret = "ENV_CLIENT_SECRET"

    return appSecrets
}

Since you'd want to avoid committing the generate source with the resolved secrets, you'll want to have the generated file be in your .gitignore. We achieve this here by generating the output to a 3rd file called appsecrets.go (using the --output flag) in the same package.

Once ready, generate the resolved appsecrets by running go generate <path.to.secrets.package>

I'm currently using this in glukit so have a look there for an example of actual integration.

LICENSE

Licensed under MIT license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].