
a little tool to query GPG encrypted YAML files

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

cred: an encrypted repository for account management

cred is a tool to enable easy manipulation of a directory tree populated with GnuPG encrypted YAML.

Examples

  • Get data from stores

    • Retrieve key value pairs from a named store

          $ cred get example.com username password
          username: foobar
          password: quuxxyzzy
      
    • Retrieve the entire set of data from a store

          $ cred get example.com
          username: foobar
          password: quuxxyzzy
          uri: https://example.com/login
      
    • List attributes in a store

          $ cred get --keys example.com
          uri
          username
          password
      
  • Create new stores

      $ cred add example.com
      Password:
      Add which keys? [username, password]:
      username: foobar
      password: quuxxyzzy
      
      Saved cred is...
      password: quuxxyzzy
      username: foobar
    
  • Modify existing credentials for a domain

  • Using directories to namespace credentials under the configured credential path

  • Listing credentials

  • gpg-agent support

Requirements

You also might like...

  • Some 'key: value' type stuff (like login information) you want to encrypt with keys on your GPG keyring
  • gnupg.vim: a nice vim plugin for creating and modifying GPG-encrypted text files.

Setup

  1. Clone the repository:

     git clone https://github.com/maxrp/cred.git && cd cred
    
  2. Install the script:

     python setup.py install --user
    
  3. Copy the example config to its proper place:

     cp ./examples/credconf.yaml ~/.credconf.yaml 
    
  4. Edit ~/.credconf.yaml. Namely:

    • Set "gpg_home" to the right value
    • Set "credentials" to the place you would like to store these credentials. If the directory does not exist, it will be created.
    • Set "default_key" to the UID of the key you want to sign with, e.g. "Bob" or "Bob Dobbs" or "Bob Dobbs <bob@dobbs.com>"
    • Add UIDs of trusted keys to default_recipients, if you like (the default_key will be appended to this list automatically)
  5. Make sure you have ~/.local/bin in your path.

  6. Try it out!

     cred --help
     cred add example.net
     cred get --keys example.net
     cred get example.net password
     cred add alter-ego/example.net
     cred modify alter-ego/example.net
     cred get
    
  7. cat lib/bash_completion.sh >> .bashrc or whatever. For local completions I have a ~/.bash_completions which is sourced in my .bashrc, and it's not an awful way to deal with personal completion preferences.
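
An added example, not part of cred itself: a standalone audit of the directory configured as "credentials" in step 4, flagging files that do not look like OpenPGP data (for instance plaintext YAML left behind) and entries readable by group or others. The function names and sample tree are constructed for illustration, and nothing here assumes how cred names or permissions its files.

```python
import os
import stat
import tempfile

ARMOR = b"-----BEGIN PGP MESSAGE-----"


def looks_openpgp(head: bytes) -> bool:
    """Heuristic only: ASCII armor, or a binary OpenPGP packet header
    (bit 7 of the first octet is always set). Non-ASCII plaintext can pass."""
    return head.lstrip().startswith(ARMOR) or head[:1] >= b"\x80"


def audit_store(root: str) -> list:
    """Return sorted (relative_path, problem) findings for a credential tree."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks are not followed or judged here
            rel = os.path.relpath(path, root)
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((rel, "group/other access"))
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    if not looks_openpgp(fh.read(64)):
                        findings.append((rel, "not OpenPGP data"))
    return sorted(findings)


def demo() -> list:
    """Audit a constructed tree (sample data, not real cred output)."""
    samples = {
        "example.com": (b"\x85\x01\x0c" + b"\x00" * 16, 0o600),  # binary packet
        "example.net": (ARMOR + b"\n\n(body)\n", 0o644),          # loose mode
        "alter-ego/example.net": (b"username: foobar\n", 0o600),  # plaintext
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "alter-ego"), 0o700)
        for rel, (data, mode) in samples.items():
            path = os.path.join(root, rel)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        return audit_store(root)

if __name__ == "__main__":
    print(demo())
```

To check a real store, call audit_store() with the path you set as "credentials"; an empty list means no findings under this heuristic.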

Tips

The quickest way to get a workable gpg-agent environment for any scenario:

    gpg-agent --pinentry-program /usr/bin/pinentry-curses --daemon /bin/bash