Skip to content
main
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

🔐 s5 - Safely Store Super Sensitive Stuff

PkgGoDev Go Report Card test Coverage Status release s5

s5 allows you to easily cipher/decipher content within your files. It is a cli tool that works on most platforms (Linux, Mac OS X, Windows, Freebsd and Solaris!)

Encryption backends supported

TL:DR

Example using AES-GCM as the encryption backend

asciicast

Usage

~$ s5
NAME:
   s5 - cipher/decipher text within a file

USAGE:
   s5 [global options] command [command options] [arguments...]

COMMANDS:
     cipher    return an encrypted s5 pattern that can be included in any file
     decipher  return an unencrypted s5 value from a given pattern
     render    render a file that (may) contain s5 encrypted patterns
     help, h   Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --log-level level    log level (debug,info,warn,fatal,panic) (default: "info") [$S5_LOG_LEVEL]
   --log-format format  log format (json,text) (default: "text") [$S5_LOG_FORMAT]
   --help, -h           show help
   --version, -v        print the version

Install

Have a look onto the latest release page and pick your flavor.

Checksums are signed with the following GPG key: C09C A9F7 1C5C 988E 65E3  E5FC ADEA 38ED C46F 25BE

Go

~$ go get -u github.com/mvisonneau/s5

Snapcraft

~$ snap install mvisonneau-s5

Homebrew

~$ brew install mvisonneau/tap/s5

Docker

~$ docker run -it --rm docker.io/mvisonneau/s5
or
~$ docker run -it --rm ghcr.io/mvisonneau/s5

Scoop

~$ scoop bucket add https://github.com/mvisonneau/scoops
~$ scoop install s5

Binaries, DEB and RPM packages

For the following ones, you need to know which version you want to install, to fetch the latest available :

~$ export S5_VERSION=$(curl -s "https://api.github.com/repos/mvisonneau/s5/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
# Binary (eg: freebsd/amd64)
~$ wget https://github.com/mvisonneau/strongbox/releases/download/${S5_VERSION}/strongbox_${S5_VERSION}_freebsd_amd64.tar.gz
~$ tar zxvf strongbox_${S5_VERSION}_freebsd_amd64.tar.gz -C /usr/local/bin

# DEB package (eg: linux/386)
~$ wget https://github.com/mvisonneau/strongbox/releases/download/${S5_VERSION}/strongbox_${S5_VERSION}_linux_386.deb
~$ dpkg -i strongbox_${S5_VERSION}_linux_386.deb

# RPM package (eg: linux/arm64)
~$ wget https://github.com/mvisonneau/strongbox/releases/download/${S5_VERSION}/strongbox_${S5_VERSION}_linux_arm64.rpm
~$ rpm -ivh strongbox_${S5_VERSION}_linux_arm64.rpm

Examples

Render in-place

~$ cat example.yml
foo: {{ s5:8tceTb9yc0CBgEqrpw== }}

~$ s5 render aes --in-place example.yml

~$ cat example.yml
foo: bar

Render in a new file

~$ cat example.yml
foo: {{ s5:8tceTb9yc0CBgEqrpw== }}

~$ s5 render aes example.yml --output example-dec.yml

~$ cat example-dec.yml
foo: bar

Troubleshoot

You can use the --log-level debug flag in order to troubleshoot

~$ cat example.yml
foo: {{ s5:8tceTb9yc0CBgEqrpw== }}

~$ s5 --log-level=debug render aes example.yml
DEBU[2019-07-24T18:16:44+02:00] Opening input file : example.yml
DEBU[2019-07-24T18:16:44+02:00] Starting deciphering
DEBU[2019-07-24T18:16:44+02:00] found: 8tceTb9yc0CBgEqrpw
DEBU[2019-07-24T18:16:44+02:00] Deciphering '8tceTb9yc0CBgEqrpw' using AES
DEBU[2019-07-24T18:16:44+02:00] Outputing to stdout
foo: bar
DEBU[2019-07-24T18:16:44+02:00] Executed in 1.803305ms, exiting..

Develop / Test

If you use docker, you can easily get started using :

~$ make dev-env
# You should then be able to use go commands to work onto the project, eg:
~docker$ make fmt
~docker$ s5

This command will spin up a Vault container and build another one with everything required in terms of golang dependencies in order to get started.

Build / Release

If you want to build and/or release your own version of s5, you need the following prerequisites :

~$ git clone git@github.com:mvisonneau/strongbox.git && cd strongbox

# Build the binaries locally
~$ make build

# Build the binaries and release them (you will need a GITHUB_TOKEN and to reconfigure .goreleaser.yml)
~$ make release

IDEs

We have modules/extensions for both atom.io and vscode

Contribute

Contributions are more than welcome! Feel free to submit a PR.