Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Oleiade
committed
Aug 14, 2013
0 parents
commit 4eb3199
Showing
23 changed files
with
1,981 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| Creator | ||
| ======= | ||
|
|
||
| * Oleiade <tcrevon@gmail.com> | ||
|
|
||
| Open-source contributions import | ||
| ================================ | ||
|
|
||
| * ``decryption.go`` and ``encryption.go`` source code was extracted from `couchbaselabs/consolio <https://github.com/couchbaselabs/consolio>`_ with authors authorization. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| Copyright (c) 2013, Theo Crevon. All rights reserved. | ||
|
|
||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| of this software and associated documentation files (the "Software"), to deal | ||
| in the Software without restriction, including without limitation the rights | ||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| copies of the Software, and to permit persons to whom the Software is | ||
| furnished to do so, subject to the following conditions: | ||
|
|
||
| The above copyright notice and this permission notice shall be included in | ||
| all copies or substantial portions of the Software. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
| THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| SYS_OS := $(shell uname -s) | ||
|
|
||
| TROUSSEAU_PACKAGE := bitbucket.com/facteur/trousseau | ||
| BUILD_SRC := build_src | ||
| BUILD_PATH := ${BUILD_SRC}/src/${TROUSSEAU_PACKAGE} | ||
|
|
||
| GIT_ROOT := $(shell git rev-parse --show-toplevel) | ||
| BUILD_DIR := $(CURDIR)/.gopath | ||
|
|
||
| GIT_COMMIT = $(shell git rev-parse --short HEAD) | ||
| GIT_STATUS = $(shell test -n "`git status --porcelain`" && echo "+CHANGES") | ||
|
|
||
| GOPATH ?= $(BUILD_DIR) | ||
| export GOPATH | ||
|
|
||
| # If current system is OSX, make sure to enable | ||
| # CGO for goamz/s3 package dependency to be able to | ||
| # use tls root certificates | ||
| ifeq ($(SYS_OS), Darwin) | ||
| COMPILATION_OPTIONS = CGO_ENABLED=1 | ||
| LDFLAGS := '-w' | ||
| else | ||
| COMPILATION_OPTIONS = CGO_ENABLED=0 | ||
| LDFLAGS := '-w -d' | ||
| endif | ||
|
|
||
| GO_OPTIONS ?= -a -ldflags=$(LDFLAGS) | ||
| ifeq ($(VERBOSE), 1) | ||
| GO_OPTIONS += -v | ||
| endif | ||
|
|
||
| BUILD_OPTIONS = -a -ldflags "-X main.GITCOMMIT $(GIT_COMMIT)$(GIT_STATUS)" | ||
|
|
||
| SRC_DIR := $(GOPATH)/src | ||
|
|
||
| TROUSSEAU_DIR := $(SRC_DIR)/$(TROUSSEAU_PACKAGE) | ||
| TROUSSEAU_MAIN := $(TROUSSEAU_DIR)/trousseau | ||
|
|
||
| TROUSSEAU_BIN_RELATIVE := bin/trousseau | ||
| TROUSSEAU_BIN := $(CURDIR)/$(TROUSSEAU_BIN_RELATIVE) | ||
|
|
||
| .PHONY: all clean test hack $(TROUSSEAU_BIN) $(TROUSSEAU_DIR) | ||
|
|
||
| all: $(TROUSSEAU_BIN) | ||
|
|
||
| $(TROUSSEAU_BIN): $(TROUSSEAU_DIR) | ||
| @mkdir -p $(dir $@) | ||
| @(cd $(TROUSSEAU_MAIN); $(COMPILATION_OPTIONS) go build $(GO_OPTIONS) $(BUILD_OPTIONS) -o $@) | ||
| @echo $(TROUSSEAU_BIN_RELATIVE) is created. | ||
|
|
||
| $(TROUSSEAU_DIR): | ||
| @mkdir -p $(dir $@) | ||
| @if [ -h $@ ]; then rm -f $@; fi; ln -sf $(CURDIR)/ $@ | ||
| @(cd $(TROUSSEAU_MAIN); go get -d $(GO_OPTIONS)) | ||
|
|
||
| clean: | ||
| @rm -rf $(dir $(TROUSSEAU_BIN)) | ||
| ifeq ($(GOPATH), $(BUILD_DIR)) | ||
| @rm -rf $(BUILD_DIR) | ||
| else ifneq ($(TROUSSEAU_DIR), $(realpath $(TROUSSEAU_DIR))) | ||
| @rm -f $(TROUSSEAU_DIR) | ||
| endif | ||
|
|
||
| test: | ||
| @(go get "github.com/stretchr/testify/assert") | ||
| @(cd $(TROUSSEAU_DIR); sudo -E go test -v $(GO_OPTIONS)) | ||
|
|
||
| fmt: | ||
| @gofmt -s -l -w . | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,288 @@ | ||
| ========= | ||
| Trousseau | ||
| ========= | ||
|
|
||
| *Trousseau* is an encrypted (*gpg*) key-value store file. It is designed to be easily manipulated and imported/exported on multiple remote storage sources. | ||
|
|
||
| It was built with private keys transportation and sharing across a servers (or cowers, there nodes after all). However it could be useful to anyone who needs to store and eventualy share sensitive datas(passwords, banking credentials sensitive personal informations, ...). | ||
|
|
||
| As of today *Trousseau* exposes a **push** - **pull interface to amazon S3 storage, but more are to come (Scp, Ftp, Dropbox, GDrive). | ||
| *Trousseau* is an open source software under the MIT license. Any hackers are welcome to supply ideas, features requests, patches, pull requests and so on: see `Contribute <>`_ | ||
|
|
||
|
|
||
| Installation | ||
| ============ | ||
|
|
||
| Binaries | ||
| -------- | ||
|
|
||
| Precompiled binaries of the project for *i386*, *x86_64* and *arm* architectures (linux and darwin) can be found in the project *bin* folder. Just copy it on your ``PATH`` and go ahead with *usage* instructions. | ||
|
|
||
|
|
||
| Build it | ||
| -------- | ||
|
|
||
| 1. First, make sure you have a `Go <http://http://golang.org/>`_ language compiler **>= 1.1** (*mandatory*) and `git <http://gitscm.org>`_ installed. | ||
|
|
||
| 2. Then, just build and copy the ``./bin/trousseau`` executable to a system *PATH* location | ||
|
|
||
| .. code-block:: bash | ||
| make | ||
| sudo cp ./bin/trousseau /usr/local/bin/trousseau | ||
| Usage | ||
| ===== | ||
|
|
||
| Prerequisities | ||
| -------------- | ||
|
|
||
| Gpg password | ||
| ~~~~~~~~~~~~ | ||
|
|
||
| Every decryption operations will require your *gpg* primary key password. As of today, **trousseau** will handle your password through the environment. Export your primary key password as ``TROUSSEAU_PASSWORD`` environment variable. | ||
|
|
||
| Example: | ||
|
|
||
| .. code-block:: bash | ||
| $ export TROUSSEAU_PASSWORD=mysupperdupperpassword | ||
| $ trousseau get abc | ||
| AWS credentials | ||
| ~~~~~~~~~~~~~~~ | ||
|
|
||
| If you intend to use the push/pull feature using `S3 <http://http://aws.amazon.com/s3/>`_ service, please make sure to set the | ||
| ``AWS_ACCESS_KEY_ID`` and ``AWS_SECRET_ACCESS_KEY`` variables, like: | ||
|
|
||
| .. code-block::bash | ||
| $ export AWS_ACCESS_KEY_ID=myaeccskey && export AWS_SECRET_ACCESS_KEY=mysecretkey | ||
| $ trousseau pull | ||
| Environment variables | ||
| --------------------- | ||
|
|
||
| * ``TROUSSEAU_PASSWORD`` (**mandatory**): your *gpg* primary key password that will be used to identify you as one of the trousseau data store recipient and give read/write access. | ||
| * ``AWS_ACCESS_KEY_ID`` and ``AWS_SECRET_ACCESS_KEY`` (*optional*): Your aws account credentials with proper read/write acces over S3. *Only if you intend to use the S3 remote storage features* | ||
| * ``TROUSSEAU_S3_BUCKET`` and ``TROUSSEAU_S3_FILENAME`` (*optional*): The remote s3 bucket the trousseau data should be pushed/pulled from and the expected remote name of the trousseau data store file. | ||
|
|
||
|
|
||
|
|
||
| Actions | ||
| ------- | ||
|
|
||
| Store creation and management | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| First use of **trousseau** requires the data store to be created. A **trousseau** data store is built and maintained for a list of *gpg* recipients who will be the only ones able to decrypt and manipulate it (so don't forget to include yourself ;) ) | ||
|
|
||
|
|
||
| Api | ||
| ``` | ||
|
|
||
| * ``create [RECIPIENTS ...]`` : creates the trousseau encrypted datastore for provided recipients and stores it in ``$HOME/.trousseau`` | ||
|
|
||
| * ``meta`` : Outputs the store metadata. | ||
|
|
||
| * ``add-recipient RECIPIENT`` : Adds a recipient to the store. The recipient will be able to open and modify the store. | ||
|
|
||
| * ``remove-recipient RECIPIENT`` : Removes a recipient from the store. The recipient will not be able to open or modify the store. | ||
|
|
||
|
|
||
| Example | ||
| ``````` | ||
|
|
||
| .. code-block:: bash | ||
| # create a trousseau for two gpg recipients | ||
| $ trousseau create 4B7D890,28EA78B | ||
| trousseau created at $HOME/.trousseau | ||
| # as you can see, trousseau data store consists | ||
| # in only one encrypted file, in your $HOME | ||
| $ cat ~/.trousseau | ||
| -----BEGIN PGP MESSAGE----- | ||
| wcBMA5i2a4x3jHQgAQgAGKAZd5UFauGBMkFz7wi4v4aNTGGpDS81drrevo/Tntdz | ||
| rr+PR/GjUlKZxhvG18mr+FuTV6q2DOK3Z0nROs57PLK9Q3ye40Su/Af1vj+LaN4i | ||
| AAMK9YVpjKaxz+pciUm8nBDkRxp3CLZ9eA2B+1JBy5HgziHY+7KC/dvaubRv0M0J | ||
| qzYvshIYU0urVQt7oO4WYVQbJ1N0OXV3oAzW4bBBs/p6b8KSUlmvHUr+9r4V1KvU | ||
| ynpHbp1T2HVPC9uqLgJ+PRjlQ2QsxjezkBntOFMaeMZjq2m2glw90aIGDAPjkMKy | ||
| 42qQbmdrT3+houqeKUrLcVFNOxevVEZLf8N3Qgo/H9LgAeSroddqYkJzOmknxDzP | ||
| MDk+4TaY4Ljge+G7j+CB4iBsIjrgSefl/4ZU30dJ/DHyL5i3lCCGXXAo2eqfJg2w | ||
| FZgh+qc8Mbjlz2iMdnC+b8rRwhMTgD1Tyd8vbR1ArPfQh3ThdePwrdyE86CYQZOA | ||
| MIBfKgTUpWiAtEhM23melF8H3oznrIKt1ZtDsxJEuBCZ86XlC9TF27XFWbnl7rfK | ||
| jF2kqP3DuuBA5d23HprbN6LjDSJeKbXDvc5LetBI7O5y954n3tMWCB9y4EjkpVAx | ||
| EWnovjEnnW89uXHaFOBQ4naH4kjg1OHEquCf4Nvgl+S5Pfi875yAKqxxK/+e8GGo | ||
| 4q8UZC7ho/cA | ||
| =t2zr | ||
| -----END PGP MESSAGE----- | ||
| # Now you can see some basic data have been added | ||
| $ cat ~/.trousseau | gpg -d -r 4B7D890 --textmode | ||
| You need a passphrase to unlock the secret key for | ||
| user: "My Gpg User <MyGpg@mail.com>" | ||
| 2048-bit RSA key, ID 4B7D890, created 2013-05-21 (main key ID 4B7D890) | ||
| gpg: encrypted with 2048-bit RSA key, ID 4B7D890, created 2013-05-21 | ||
| "My Gpg User <MyGpg@mail.com>" | ||
| {"_meta":{"created_at":"2013-08-12 08:00:20.457477714 +0200 CEST","last_modified_at":"2013-08-12 08:00:20.457586991 +0200 CEST","recipients":["92EDE36B"],"version":"0.1.0"},"data":{}} | ||
| # Among these data appears the metadata. Fortunately | ||
| # trousseau exposes a meta command to output them properly | ||
| $ trousseau meta | ||
| CreatedAt: 2013-08-12 08:00:20.457477714 +0200 CEST | ||
| LastModifiedAt: 2013-08-12 08:00:20.457586991 +0200 CEST | ||
| Recipients: [4B7D890] | ||
| TrousseauVersion: 0.1.0c | ||
| # Now suppose you'd like another recipient to be able to open and update | ||
| # the trousseau store | ||
| $ trousseau add-recipient 75FE3AB | ||
| $ trousseau add-recipient 869FA4A | ||
| $ trousseau meta | ||
| CreatedAt: 2013-08-12 08:00:20.457477714 +0200 CEST | ||
| LastModifiedAt: 2013-08-12 08:00:20.457586991 +0200 CEST | ||
| Recipients: [4B7D890, 75FE3AB, 869FA4A] | ||
| TrousseauVersion: 0.1.0c | ||
| # And if you don't want to give your love anymore to some | ||
| # of the store recipients, just remove him from the list | ||
| $ trousseau remove-recipient 75FE3AB | ||
| $ trousseau meta | ||
| CreatedAt: 2013-08-12 08:00:20.457477714 +0200 CEST | ||
| LastModifiedAt: 2013-08-12 08:00:20.457586991 +0200 CEST | ||
| Recipients: [4B7D890, 869FA4A] | ||
| TrousseauVersion: 0.1.0c | ||
| Now, we're up and ready for some fun stuff | ||
|
|
||
|
|
||
| Getting, setting, deleting, listing keys | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Once your trousseau has been created, you're now able to read, write, list, delete it's data and metadata. Here's how the fun part goes. | ||
|
|
||
| Api | ||
| ``` | ||
|
|
||
| * ``get KEY`` : Outputs the stored KEY-value pair | ||
| * ``set KEY VALUE`` : Sets the provided key-value pair in store | ||
| * ``del KEY`` : Deletes provided key from the store | ||
| * ``keys`` : Lists the stored keys | ||
| * ``show`` : Lists the stored key-value pairs | ||
|
|
||
|
|
||
| Example | ||
| ``````` | ||
|
|
||
| .. code-block:: bash | ||
| # Right now the store is empty | ||
| $ trousseau show | ||
| # Let's add some data into it | ||
| $ trousseau set abc 123 | ||
| $ trousseau set "easy as" "do re mi" | ||
| $ trousseau set oleiade-private-key "`cat ~/.ssh/id_rsa`" | ||
| # Now let's make sure data has been added | ||
| $ trousseau keys | ||
| abc | ||
| easy as | ||
| oleiade-private-key | ||
| $ trousseau get abc | ||
| 123 | ||
| $ trousseau show | ||
| abc: 123 | ||
| easy as: do re mi | ||
| oleiade-private-key: --- BEGIN PRIVATE KEY --- | ||
| ... | ||
| # Now if you don't need a key anymore, just drop it. | ||
| $ trousseau del abc # Now the song lacks something doesn't it? | ||
| Import/Export to remote storage | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| Trousseau was built with data remote storage in mind. As of today only S3 storage is available, but more are to come (don't forget to set your aws credentials environment variables) | ||
|
|
||
| Api | ||
| ``` | ||
|
|
||
| * ``push`` : Pushes the trousseau data store to remote storage | ||
| * ``pull`` : Pulls the trousseau data store from remote storage | ||
|
|
||
|
|
||
| S3 Example | ||
| `````````` | ||
|
|
||
| .. code-block:: bash | ||
| # First let's make sure our aws credentials are set | ||
| # in the environement | ||
| $ export AWS_ACCESS_KEY_ID=myaeccskey | ||
| $ export AWS_SECRET_ACCESS_KEY=mysecretkey | ||
| # Considering a non empty trousseau data store | ||
| $ trousseau show | ||
| abc: 123 | ||
| easy as: do re mi | ||
| # In order to be able to push to S3, whether set env variables | ||
| # TROUSSEAU_S3_FILENAME and TROUSSEAU_S3_BUCKET or provide -s3-remote-filename | ||
| # and -s3-bucket flags to the command line | ||
| $ export TROUSSEAU_S3_FILENAME=trousseau | ||
| $ export TROUSSEAU_S3_BUCKET=mytrousseaubucket | ||
| # And then you're ready to push | ||
| $ trousseau push | ||
| # Now that data store is pushed to S3, let's remove the | ||
| # local data store and pull it once again to ensure it worked | ||
| $ rm ~/.trousseau | ||
| $ trousseau show | ||
| Trousseau unconfigured: no data store | ||
| $ trousseau pull | ||
| $ trousseau show | ||
| abc: 123 | ||
| easy as: do re mi | ||
| More features to come | ||
| ===================== | ||
|
|
||
| * Support for Sftp remote storage | ||
| * Support for scp remote storage | ||
| * Support for GDrive remote storage | ||
| * Support for Dropbox remote storage | ||
|
|
||
| * In a further future I might had support for truecrypt encryption | ||
|
|
||
|
|
||
| Contribute | ||
| ========== | ||
|
|
||
| * Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug. | ||
| * Fork `the repository`_ on GitHub to start making your changes to the **master** branch (or branch off of it). | ||
| * Write tests which shows that the bug was fixed or that the feature works as expected. | ||
| * Send a pull request and bug the maintainer until it gets merged and published. :) Make sure to add yourself to AUTHORS_. |
Oops, something went wrong.