Experimental sensitive data storage tool for Node.js.


gpgstore: experimental credential storage utility

v0.3.1 - Experimental

gpgstore is a utility to help securely store lists of credentials in separately encrypted 'tiers'. The first tier has access to all the data - each subsequent tier loses a level of access, and each tier's file can be encrypted with a separate gpg key.
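The tier model described above, sketched as an added example (not gpgstore's own code). The master-file layout (`tiers`, `name`, `credentials`) and the function names are assumptions made for illustration; only the "keyID" field name comes from this README, and `gpg` is expected on the PATH.

```javascript
// Constructed sample data. The layout (tiers[], name, credentials) is assumed
// for this example; only the "keyID" field name appears in the README.
const master = {
  tiers: [
    { name: 'master', keyID: 'KEYID_MASTER', credentials: { rootdb: { user: 'root', pass: 'example-1' } } },
    { name: 'two', keyID: 'KEYID_TWO', credentials: { deploy: { user: 'ci', pass: 'example-2' } } },
    { name: 'three', keyID: 'KEYID_THREE', credentials: { wiki: { user: 'guest', pass: 'example-3' } } },
  ],
};

// Tier i sees its own credentials plus those of every lower tier, so tier 0
// sees everything and each later tier loses one level of access.
function splitTiers(m) {
  const seen = new Set();
  for (const t of m.tiers) {
    if (!t.keyID) throw new Error(`tier ${t.name} has no keyID`);
    for (const c of Object.keys(t.credentials)) {
      // A repeated name would be silently shadowed by the merge below.
      if (seen.has(c)) throw new Error(`duplicate credential name: ${c}`);
      seen.add(c);
    }
  }
  return m.tiers.map((t, i) => ({
    name: t.name,
    keyID: t.keyID,
    visible: Object.assign({}, ...m.tiers.slice(i).map((x) => x.credentials)),
  }));
}

// Arguments are passed as an array (no shell), one recipient key per tier file.
function gpgArgs(tier, outDir) {
  if (!/^[A-Za-z0-9_-]+$/.test(tier.name)) throw new Error('unsafe tier name');
  return ['--batch', '--yes', '--encrypt', '--recipient', tier.keyID,
    '--output', `${outDir}/${tier.name}.gpg`];
}

// Plaintext goes to gpg on stdin, so it is never written to disk unencrypted.
function encryptTier(tier, outDir) {
  const { spawnSync } = require('node:child_process');
  const r = spawnSync('gpg', gpgArgs(tier, outDir), { input: JSON.stringify(tier.visible) });
  if (r.error || r.status !== 0) throw new Error(`gpg failed for tier ${tier.name}`);
}
```

Calling `splitTiers(master).forEach((t) => encryptTier(t, 'out'))` writes one file per tier, each readable only by the holder of that tier's private key.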


gpgstore is in an early experimental state, but is currently functioning and usable. The user must install GnuPG and make sure it is available on their PATH before gpgstore can function properly.

gpgstore can be installed via GitHub:

 git clone git://github.com/AvianFlu/gpgstore.git


 usage: gpgstore [command] [arguments]

Available commands from the command line:

 new [master file] - splits up a master JSON file into encrypted tiers.
 add [new tier file] - encrypts the provided file and adds it as the lowest tier.
 list - list all locally available tiers.
 list keys - list GnuPG keys currently available.
 view [file] - decrypts the provided file and displays its contents.
 rm [tier] - deletes the given tier.
 rm all - deletes all tiers.
 help - show this help and exit.
 use [tier] - opens [tier] in a sub-prompt

Available commands while a tier file is open:

 add [credential name] [key] [value] [key] [value] - Adds a new Credentials object.
 rm [name] - Removes the specified Credentials object, current tier only.
 list - Lists all credential objects in the open tier.
 list all - Lists the names of the available tiers in the current file.
 view [name] - Displays specified Credential object.
 edit [credential name] [key] [new value] - Replaces the specified key's value with the provided value.
 use [tier] - Switches to a different tier.
 save - encrypts the active tier and saves it to disk.
 help - Display this list of commands.
 exit - Exits gpgstore.

Using the test data

A file of test data, test.json, has been provided. Five public-private key pairs have also been provided - these match those specified in test.json. The user may either generate keys locally and change the "keyID" fields in the JSON accordingly, or use the testing keys.

To use the provided key pairs, run the following in your gpgstore directory:

 gpg --import testpublic.key
 gpg --import-secret-keys testprivate.key

Once the keys are imported, it is highly recommended that they be marked as 'trusted' for ease of use. First use:

 gpg --list-keys

Note the "user id" for each key - "Master Tier", "Tier Two", etc. Now open the key editor:

 gpg --edit-key "User ID"

Here "User ID" is the name of each key. When the gpg prompt opens, type trust, then set the trust of the key to 5.

In closing, I remind all readers that private keys posted on GitHub are not to be used for serious applications.