Keysafe is a simple tool for encrypting a bunch of files with a
bunch of different people's public keys, and keeping those files up-to-date.
It uses the awesome service, keybase.io, to fetch
keys, although it calls gpg directly for increased speed.
- Shared credentials
- Software licenses
- API keys
- Anything else that you want to share, securely, with multiple people
It should work on Linux, OS X, or any other UNIXy system.
It needs Python, gpg, and curl installed.
Clone the repo, or otherwise copy the keysafe-update code in particular.
Create an ACL file, like the sampleacl.json
{
"deploy.key": ["swenson", "max", "chris"]
}This says that we will encrypt the file deploy.key with the
public keys associated to the keybase.io users
swenson, max, and chris.
Now, simply run
./keysafe-update acl.jsonIt will automatically import their keys from the keybase API
and encrypt the specified files.
The files will have .encrypted appended to them, e.g.,
deploy.key will be encrypted to deploy.key.encrypted.
You can then read the file with keysafe-read, or with
a simple gpg --decrypt deploy.key.encrypted (for example).
Licensed under the MIT license. See LICENSE.md.