The Vault is a command-line file encryption tool. It performs symmetric AES encryption using passwords. All cryptographic operations rely on the sodiumoxide crate, which is itself based on libsodium.
- encrypt / decrypt files
- receive data via stdin / send data to stdout
- encrypt / decrypt network traffic
- view encrypted file
- edit encrypted file
- read password from password file, environment variable, command line parameter or stdin
Available sub commands
thevault 0.1.0
A file encryption utility
USAGE:
thevault <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
SUBCOMMANDS:
decrypt Decrypts a message to a file or stdout
edit Opens an encrypted file in the default editor
encrypt Encrypts a message from a file or stdin
help Prints this message or the help of the given subcommand(s)
view Opens an encrypted file in the default pager
Available options and flags
thevault-encrypt 0.1.0
Encrypts a message from a file or stdin
USAGE:
thevault encrypt [FLAGS] [OPTIONS]
FLAGS:
-b, --base64 Write out the encrypted message as base64 encoded string
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-f, --file <file> File to encrypt [default: stdin]
-o, --outfile <outfile> Destination file [default: stdout]
-p, --password <password> Encryption password [default: stdin] [env: THEVAULTPASS]
-w, --password-file <password-file> Path to file storing the encryption password [env:
THEVAULTPASSFILE=]
Currently the way to install The Vault is via Cargo. This might change in the future when I find the time to do the packaging.
cargo install thevault
| variable name | purpose | default value |
|---|---|---|
| EDITOR | the text editor to be used when editing the vault | vim |
| PAGER | the pager to be used when viewing the vault | less |
| THEVAULTPASS | the password used to encrypt / decrypt the vault | None |
| THEVAULTPASSFILE | path to a file containing the encryption / decryption password | None |
When working with The Vault frequently, typing the same password over and over becomes tedious. There are several ways to provide the password without retyping it: a password file, an environment variable, or a command line parameter.
head -c 32 /dev/random | base64 > ~/.thevaultpass
chmod 600 ~/.thevaultpass
thevault encrypt -i -w ~/.thevaultpass myprivatefile.txt
thevault decrypt -i -w ~/.thevaultpass myprivatefile.txt
export THEVAULTPASS=$(head -c 32 /dev/random | base64)
thevault encrypt -i myprivatefile.txt
thevault decrypt -i myprivatefile.txt
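thevault encrypt -i -p mysecretpassword myprivatefile.txt # Caution: the password ends up in the shell history and is visible in the process list while the command runs
thevault decrypt -i -p mysecretpassword myprivatefile.txt # Caution: the password ends up in the shell history and is visible in the process list while the command runs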
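An added example, not part of The Vault's own code or documentation: the password-file commands above create `~/.thevaultpass` first and restrict it with `chmod 600` afterwards, so the file briefly exists with whatever permissions the current umask allows. The helpers below (the names `make_passfile` and `check_passfile` are hypothetical) create the file under `umask 077` and verify type, ownership and mode before it is used via `THEVAULTPASSFILE`.

```shell
#!/bin/sh
# Added example: helper names are illustrative, not part of thevault.

# Create a password file that is never readable by group/other, not even
# between creation and a later chmod. The ( ) body scopes umask and set -C.
make_passfile() (
    umask 077
    # noclobber: fail instead of overwriting an existing file
    set -C
    # /dev/urandom is used here so the helper never blocks
    head -c 32 /dev/urandom | base64 > "$1"
)

# Return 0 only if the password file is safe to hand to thevault.
check_passfile() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 1
    fi
    # -O is supported by bash, dash and ksh (owner == effective uid)
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by the current user" >&2; return 1
    fi
    # Mode string looks like -rw-------; characters 5-10 are group/other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $f: group/other have access, run chmod 600" >&2; return 1
    fi
    [ -s "$f" ] || { echo "refusing $f: file is empty" >&2; return 1; }
}

# Usage:
#   make_passfile ~/.thevaultpass
#   check_passfile ~/.thevaultpass && export THEVAULTPASSFILE=~/.thevaultpass
```
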
❯ cat <<END | thevault encrypt
Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
END
Password:
THEVAULTB64NDQ=e0uQ9vtxKucIiTMHqBaCi7tu3b26hEw4Xk4IvIQRadc=MjM2jVvSCWTJqCnlc3vetr5vYYo802VqEmmla40BJVlHeKjiA5wQFAYUB6LiWoej8Hh0RGnC/C6SyKfBpOTkx4VW6kY9uKwdipuTZkAUVaNB0NH2fcM0Ps5iXjQh+tcg18CDgLXLDnWH4DQm0rl10yGt3W9DLWUcpAgyW6aQPqnuWeKDbZo9zdr7zXD5AomFv2zPZcMDEN8vhU1AWqzHJXnEjudZOq+nCn5735Jn4ZC+hMY=
❯ cat zen.aes
THEVAULTB64NDQ=e0uQ9vtxKucIiTMHqBaCi7tu3b26hEw4Xk4IvIQRadc=MjM2jVvSCWTJqCnlc3vetr5vYYo802VqEmmla40BJVlHeKjiA5wQFAYUB6LiWoej8Hh0RGnC/C6SyKfBpOTkx4VW6kY9uKwdipuTZkAUVaNB0NH2fcM0Ps5iXjQh+tcg18CDgLXLDnWH4DQm0rl10yGt3W9DLWUcpAgyW6aQPqnuWeKDbZo9zdr7zXD5AomFv2zPZcMDEN8vhU1AWqzHJXnEjudZOq+nCn5735Jn4ZC+hMY=
❯ thevault decrypt -f zen.aes -o zen
Password:
❯ cat zen
Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
❯ nc -l 4000 &
❯ thevault encrypt -b -f tcp://127.0.0.1:9999 -o tcp://127.0.0.1:4000
Password:
On a different terminal
❯ echo "Hello World" | nc localhost 9999
❯ curl -s https://i.imgur.com/yC5yVwQ.jpeg | thevault encrypt -o cat.aes
Password:
❯ thevault decrypt -f cat.aes | display
Password: