Skip to content
This repository has been archived by the owner on Mar 9, 2019. It is now read-only.

buth/stocker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

125 Commits

auth

auth

 
 

backend

backend

 
 

cmd

cmd

 
 

crypto

crypto

 
 

.drone.yml

.drone.yml

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

VERSION

VERSION

 
 

release.sh

release.sh

 
 

stocker.go

stocker.go

 
 

Repository files navigation

Note: Stocker has been mothballed in favor of other better supported projects such as Vault.

Stocker

Stocker provides a method for managing environment variables for a process securely. It was designed with Docker containers in mind, but can be used to set configuration information for any given command.

When run as a server, Stocker accepts SSH connections from Stocker clients for both writers and readers. Authorized public keys are retrived for both users when the server is started. Values are encrypted and decrypted as requested using a seperate private key stored only on the server; this means that client keys can be rotated, added to, revoked, etc. without the need to re-encrypt data in the key/value store backend.

Stocker is designed to work with any backend, but presently only Redis has been implemented. All information stored with a given backend is encrypted using AES-256 in CBC mode, signed with a SHA-512 HMAC.

Stocker is designed to solve the secure configuration issue and not to be a full-fledged deployment tool for Docker or anything else.

Command Refference

key

stocker key filename

The key command generates a new cryptographic key to be used in conjunction with the server command. The only argument is the filepath to use to save said key to disk. Correct permissions (600) will be set for the created file.

set

stocker set [options] variable [variable...]
  -E=false: use current environment when possible
  -a=":2022": address of the stocker server
  -g="": group to use for storing and retrieving data
  -i="": path to an SSH private key

The set command can be used to save new values for one or more environment variables for a given group (-g). After specifying said variables as arguments on the command line, you will be prompted to securely input the coresponding values.

exec

stocker exec [options] command [argument...]
  -a=":2022": address of the stocker server
  -g="": group to use for storing and retrieving data
  -i="": path to an SSH private key
  -u="": user to execute the command as

The exec command will fetch and decode all environment variables (-E) for a given group (-g) and/or any number of individual environment variables and merge them into the current environment when running the specified command.

server

stocker server [options]
  -a=":2022": address to listen on
  -b="redis": backend to use
  -h=":6379": backend address
  -i="/etc/stocker/id_rsa": path to an ssh private key
  -k="/etc/stocker/key": path to encryption key
  -n="stocker": backend namespace
  -r="": retrieve reader public keys from this URL
  -t="tcp": backend connection protocol
  -w="": retrieve writer public keys from this URL

The server command will run a new Stocker server process in the foreground.

Contributing

The project is making use of GitHub issues to track progress. If you discover a bug or have a feature request please open a new issue, regardless of whether or not you intend to contribute code yourself.

For those who want to contribute code, we're using the git-flow method, so please submit pull requests as feature branches.

About

Manage environment variables securely.

Resources

Readme

License

MIT license
Activity

Stars

98 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages