safe

Password protected secret keeper
git clone git://git.z3bra.org/safe.git
Log | Files | Refs | README | LICENSE

safe.1 (2246B)


      1 .Dd 2019-02-20
      2 .Dt SAFE 1
      3 .Os POSIX.1-2017
      4 
      5 .Sh NAME
      6 .Nm safe
      7 .Nd Digital safe for your secrets
      8 
      9 .Sh SYNOPSIS
     10 .Nm
     11 .Op Fl hr
     12 .Op Fl s Ar prompt
     13 .Op Fl s Ar safe
     14 .Op Fl a
     15 .Ar secret
     16 
     17 .Sh DESCRIPTION
     18 .Nm
     19 stores secrets (files) encrypted on your disk, and lets you retrieve them,
     20 given that you have the right password.
     21 .El
     22 .Bl -tag -width Ds
     23 .It Ar secret
     24 Decrypt file
     25 .Ar secret
     26 from your safe to stdout.
     27 .It Fl h
     28 Print a quick usage text.
     29 .It Fl r
     30 Remember the password. The variable
     31 .Ev SAFE_SOCK
     32 must be set and point to the UNIX-domain socket bound by a running agent
     33 (see AGENT).
     34 .It Fl p Ar prompt
     35 Prompt user for password using text
     36 .Ar prompt .
     37 (default: "password:")
     38 .It Fl s Ar safe
     39 Set the path to your safe as
     40 .Ar safe .
     41 (default: .secrets)
     42 .It Fl a Ar secret
     43 Encrypt stdin to your safe as
     44 .Ar secret .
     45 .It Fl k
     46 Prompt user for password using an external program (see: SAFE_ASKPASS).
     47 
     48 .Sh AGENT
     49 When the agent is started,
     50 .Nm
     51 can retrieve the key from it rather than prompting you for a password.
     52 .Nm
     53 will try to read the key from the agent whenever the
     54 .Ev SAFE_SOCK
     55 variable is set in the environment.
     56 .Pp
     57 When the agent is first started, you can push the key to it using the
     58 .Fl p
     59 flag.
     60 
     61 .Sh MASTER PASSWORD
     62 When you add your first secret to the safe, a
     63 .Ar master
     64 entry will be created automatically. This entry stores your master
     65 password, and is used to check that you typed the master password
     66 correctly on the next calls.
     67 .Pp
     68 Do not delete this entry as it could lead to a corrupted safe.
     69 
     70 .Sh EXAMPLES
     71 .Bd -literal
     72 Store a secret in your safe
     73 
     74 	$ safe -a secret/file < kitten.gif
     75 
     76 List all secrets in $STORE (choose your weapon)
     77 
     78 	$ tree --noreport $STORE
     79 	$ find $STORE -type f
     80 	$ ls -R $STORE
     81 	$ tar -C $STORE -v -f /dev/null -c . | cut -d / -f 2-
     82 
     83 Retrieve a secret from your safe
     84 
     85 	$ safe secret/file > kitten.gif
     86 	password:
     87 
     88 .Sh ENVIRONMENT
     89 .Bl -tag -width "SAFE_SOCK"
     90 .It Ev SAFE_DIR
     91 Defines the location of your safe (default: .secrets)
     92 .It Ev SAFE_SOCK
     93 Path to the UNIX-domain socket used to communicate with the agent.
     94 .It Ev SAFE_ASKPASS
     95 If no TTY is available, the program specified by this variable will be
     96 used to read the master password (default: thingaskpass)
     97 
     98 .Sh AUTHORS
     99 .An Willy Goiffon Aq Mt dev@z3bra.org