README
¶
EnDeFi
Encrypt Decrypt Files
Goal
Encrypt and decrypt files use a secret key. Secret key can come from:
- env var (ENDEFI_SECRET_KEY)
- local yaml file ($HOME/.endefi/secret.yaml)
- bitwarden ?
How to build EnDeFi ?
As it is a simple Golang application just run the command as below:
go build -o endefi main.go
And then move endefi binary to your $PATH. For example for me:
mv endefi ~/bin/
Usage
With ENV Vars
At this point ENDEFI only supports env vars to get external secret provider and secret key. To use ENDEFI with env vars, you have to generate a secret key first:
endefi keygen
2024/06/10 10:39:02 Starting EnDeFi
2024/06/10 10:39:02 Generate a new secret Key: ce8f829cc257b910ac11cf9fe57f3ea4d2811ff06b3b47e8f41149be56f234b7
And then setup env vars as below:
export ENDEFI_SECRET_PROVIDER=env
export ENDEFI_SECRET_KEY=ce8f829cc257b910ac11cf9fe57f3ea4d2811ff06b3b47e8f41149be56f234b7
With Secret file
Create a secret file $HOME/.endefi/secret.yaml:
To use local secret file, you have to set env var ENDEFI_SECRET_PROVIDER to local:
export ENDEFI_SECRET_PROVIDER=local
mkdir ~/.endefi
touch ~/.endefi/secret.yaml
chmod 600 ~/.endefi/secret.yaml
Add your secret key to $HOME/.endefi/secret.yaml:
key: ce8f829cc257b910ac11cf9fe57f3ea4d2811ff06b3b47e8f41149be56f234b7
provider: local
Examples
I assume you already run the requirement above. First let's use a text file /tmp/lorem.txt:
cat /tmp/lorem.txt
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
File
Run endefi to encrypt this file:
endefi encrypt -f /tmp/lorem.txt
2024/06/10 10:44:30 Starting EnDeFi
2024/06/10 10:44:30 Encrypt a new file: /tmp/lorem.txt
Let's see how lorem.txt looks like now:
cat /tmp/lorem.txt
y��20Vk�T��#}Ɓa�-h2,�4W��O��o6̃S�Dcr��� +�B_.�0ck} �31GS�`�y �)T7�&;iL �a&�s>A��KΣ�~jbU\»v��%Szy��(ܷ�;N
s+�2�h.PÜ�6@:$e`'�ԧx"f�IGN��)b]NXr��
Ip1F
��B0�f+%
And now decrypt this encrypted file:
endefi decrypt -f /tmp/lorem.txt
2024/06/10 10:45:44 Starting EnDeFi
2024/06/10 10:45:44 Decrypt a new file: /tmp/lorem.txt
Verify lorem.txt is now a plain text file:
cat /tmp/lorem.txt
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
Directory
Let's create the following tree:
/tmp/demo/
├── dir1
│ ├── file11
│ └── file12
├── dir2
│ ├── file21
│ └── file22
├── file1
└── file2
Each file content its own name:
cat /tmp/demo/file1
file1
cat /tmp/demo/dir2/file21
file21
Let's encrypt /tmp/demo without recursive mode:
endefi encrypt -d /tmp/demo
2024/06/13 09:50:11 Starting EnDeFi
2024/06/13 09:50:11 Encrypt a new directory: /tmp/demo
2024/06/13 09:50:11 Encrypt a new file: /tmp/demo/file1
2024/06/13 09:50:11 Encrypt a new file: /tmp/demo/file2
Let's check /tmp/demo/file1 content:
cat /tmp/demo/file1
4@9)�Zt3#O@�DZDzHA�*%
Decrypt /tmp/demo:
endefi decrypt -d /tmp/demo
2024/06/13 09:51:26 Starting EnDeFi
2024/06/13 09:51:26 Decrypt a new directory: /tmp/demo
2024/06/13 09:51:26 Decrypt a new file: /tmp/demo/file1
2024/06/13 09:51:26 Decrypt a new file: /tmp/demo/file2
Verify:
cat /tmp/demo/file1
file1
Let's encrypt /tmp/demo with recursive mode:
endefi encrypt -d /tmp/demo -r
2024/06/13 08:43:40 Starting EnDeFi
2024/06/13 08:43:40 Encrypt all files recursively within /tmp/demo
2024/06/13 08:43:40 Encrypt a new file: /tmp/demo/dir1/file11
2024/06/13 08:43:40 Encrypt a new file: /tmp/demo/dir1/file12
2024/06/13 08:43:40 Encrypt a new file: /tmp/demo/dir2/file21
2024/06/13 08:43:40 Encrypt a new file: /tmp/demo/dir2/file22
2024/06/13 08:43:40 Encrypt a new file: /tmp/demo/file1
2024/06/13 08:43:40 Encrypt a new file: /tmp/demo/file2
Verify:
cat /tmp/demo/dir2/file22
2εwY0� ���bD'%
Decrypt /tmp/demo:
endefi decrypt -d /tmp/demo -r
2024/06/13 08:44:42 Starting EnDeFi
2024/06/13 08:44:42 Decrypt all files recursively within /tmp/demo
2024/06/13 08:44:42 Decrypt a new file: /tmp/demo/dir1/file11
2024/06/13 08:44:42 Decrypt a new file: /tmp/demo/dir1/file12
2024/06/13 08:44:42 Decrypt a new file: /tmp/demo/dir2/file21
2024/06/13 08:44:42 Decrypt a new file: /tmp/demo/dir2/file22
2024/06/13 08:44:42 Decrypt a new file: /tmp/demo/file1
2024/06/13 08:44:42 Decrypt a new file: /tmp/demo/file2
Verify:
cat /tmp/demo/dir2/file22
file22
Roadmap
- MVP#1 : Build a cli to encrypt and decrypt files with a secret key from harcoded value
- MVP#2 : Use environment variable to get secret key.
- MVP#3 : Use file to get secret key
- MVP#4 : Encrypt all files within a directory (with or without recursive mode)
- MVP#5 : Add unit tests
Documentation
¶
Overview ¶
Copyright © 2024 Yannick Foeillet <bzhtux@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Source Files
Directories