Releases: plyint/encpass.sh
Fix forceable add command
Fixed the forceable add command logic to suppress the confirmation prompt properly.
Fix broken secret removal
Minor fix to the "remove command" to allow removal of individual secrets from a bucket
Command Line Management
This release adds command line management capabilities to encpass.sh. Now you can do things like:
- Add secrets/buckets
- Update secrets/buckets
- Remove secrets/buckets
- List secrets/buckets
- Show secrets/bucket
- Lock/Unlock all keys for buckets
Bonus: All the commands that take bucket names or secret names support wildcards. :)
If you do not need the command line management capabilities, the code is organized in such a way that you can simply delete the entire lower section of code from encpass.sh to reduce the size of the file. This makes it easier to bundle a slimmed down version of encpass.sh with only the retrieval functions in your scripts if you would like.
In addition to the command line management capabilities, users can now specify the location of the .encpass directory by setting the ENCPASS_HOME_DIR environment variable, and users can now lock/unlock their keys with a password when the secrets are not in use. This means that even if someone has access to the .encpass directory (which they normally shouldn't), the keys cannot be used to read the encrypted passwords. This can be useful if you need to copy/move the keys to another device, as you can now perform a lock ("./encpass.sh lock") before copying/moving and then unlock ("./encpass.sh unlock") once the keys are on the new device. Just be sure to remember that password! :)
Formatting and syntax improvements
Minor formatting, removal of backticks for executing commands, and better string handling.
Test Suite
A new test suite has been added to the code base to test POSIX compliance in various shells. Thanks @etopeter!
Set permissions with umask on private key
Use umask to set restrictive permissions on private key and make minor informational updates.
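
The umask technique named in this release note, shown as an added example (not code from encpass.sh; the function names, key format and file paths are assumptions). The key file is created under a restrictive umask inside a subshell, so it never exists with group or other access and the caller's umask is left unchanged.

```shell
# Added illustration; not code from encpass.sh. Function names, the key
# format and the file paths are assumptions made for this example.

# Create a 256-bit hex key file that is never readable by group or other.
# The umask is changed inside a subshell, so the caller's umask is untouched
# and the file is created with mode 0600 (no create-then-chmod window in
# which another local user could open it).
write_private_key() {
    key_file=$1
    (
        umask 077
        # noclobber: the redirect fails if the file already exists, so an
        # existing key is never silently overwritten.
        set -C
        od -An -N32 -tx1 /dev/urandom | tr -d ' \n' > "$key_file"
    )
}

# Print the symbolic permission bits of a file, e.g. "-rw-------".
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 only if group and other have no access bits at all.
is_private() {
    [ "$(file_mode "$1" | cut -c5-10)" = "------" ]
}
```

`is_private` can be run against existing key files to confirm that none of them were created under a permissive umask.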
Patch checks parameter issue
Fix an issue where the parameters were not being properly passed to the checks function. This was preventing multiple secrets from being used in the same script. (e.g. a password and username)
OpenSSL only with new home folder structure
This release has the following changes:
- The dependency on SSH has been removed and only OpenSSL is required.
- A more secure implementation using unique AES 256-bit symmetric keys for each script or user-defined label.
- Creates a new home folder structure to hold all keys and secrets.
- Supports named secrets and labels that can be reused by different scripts.
Initial release
Initial release that uses SSH keys to perform public/private key encryption of passwords.