README
¶
Scy secure secret store CLI client
Installation
Latest binary can be found in release section
On x64 OSX
wget https://github.com/viant/scy/releases/download/v0.1.0/scy_darwin_x64.tar.gz
tar xvzf scy_darwin_x64.tar.gz
cp scy /usr/local/bin
On x64 Linux
wget https://github.com/viant/scy/releases/download/v0.1.0/scy_linux_x64.tar.gz
tar xvzf scy_darwin_x64.tar.gz
cp scy /usr/local/bin
Usage
./scy -h
You can use any afs supported storage, also including the following secret store managers:
- GCP Google Secret Manager
i.e
"gcp://secretmanager/projects/my-project/secrets/my_secret" - AWS - Secret Manager
i.e
aws://secretmanager/us-west-1/secret/prod/my/mysecret1 - AWS - System Manager - Parameter
i.e
aws://ssm/us-west-1/parameter/myParamX
To use AWS make the following files are present
~/.aws/config
[default]
region = us-west-1
~/.aws/credentials
[default]
aws_access_key_id = KEY HERE
aws_secret_access_key = SECRET HERE
To use GCP auth
export GOOGLE_APPLICATION_CREDENTIALS=myGoogle.secret
Securing secrets
Text
scy -m=secure -d=gcp://secretmanager/projects/viant-e2e/secrets/my_raw_secret1 -k=blowfish://default -t=raw ```
Basic credential
The source and dest can by any file system including local FS.
./scy -m=secure -s=unsecure_cred.json -d=securet_cred.json -k=blowfish://default -t=basic
SHA1
scy -m=secure -s=mySHA1.json -d=gcp://secretmanager/projects/myProject/secrets/my_secret1 -k=blowfish://default -t=sha1
where mySHA1.json uses the following format
{"IntegrityKey":"base64encodedIntegrityKey","Key":"base64encodedKey"}
Revealing secrets
Text
scy -m=reveal -s=gcp://secretmanager/projects/viant-e2e/secrets/aw1test -k=blowfish://default -t=ra
Basic credential
The source and dest can by any file system including local FS.
./scy -m=reveal -s=securet_cred.json -k=blowfish://default -t=basic
SHA1
scy -m=reveal -s=gcp://secretmanager/projects/myProject/secrets/my_secret1 -k=blowfish://default -t=sha1
Documentation
¶
Index ¶
- func Auth(options *Options) error
- func AuthFirebase(options *Options) error
- func Reveal(options *Options) error
- func Run(args []string)
- func Secure(options *Options) error
- func SignJwtClaim(options *Options) error
- func VerifyFirebaseJwtClaim(ctx context.Context, options *Options) error
- func VerifyJwtClaim(options *Options) error
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthFirebase ¶ added in v0.9.0
func SignJwtClaim ¶ added in v0.2.1
func VerifyFirebaseJwtClaim ¶ added in v0.9.0
func VerifyJwtClaim ¶ added in v0.2.1
Types ¶
type Options ¶
type Options struct {
Mode string `short:"m" long:"mode" choice:"secure" choice:"reveal" choice:"signJwt" choice:"verifyJwt" choice:"auth"`
SourceURL string `short:"s" long:"src" description:"source location"`
RSAKey string `short:"r" long:"rsa" description:"private/public key location"`
HMacKey string `short:"a" long:"hmac" description:"hmac key location (base64 encoded)"`
DestURL string `short:"d" long:"dest" description:"dest location"`
ExpirySec int `short:"e" long:"expiry" description:"expiry TTL in sec"`
Firebase bool `short:"f" long:"firebase" description:"firebase"`
Target string `` /* 136-byte string literal not displayed */
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
ProjectId string `short:"p" long:"projectId" description:"project id"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.