cred is a tool to enable easy manipulation of a directory tree populated with GnuPG encrypted YAML.
-
Get data from stores
-
Retrieve key value pairs from a named store
$ cred get example.com username password username: foobar password: quuxxyzzy
-
Retrieve the entire set of data from a store
$ cred get example.com username: foobar password: quuxxyzzy uri: https://example.com/login
-
List attributes in a store
$ cred get --keys example.com uri username password
-
-
Create new stores
$ cred add example.com Password: Add which keys? [username, password]: username: foobar password: quuxxyzzy Saved cred is... password: quuxxyzzy username: foobar
-
Modify existing credentials for a domain
-
Using directories to namespace credentials under the configured credential path
-
Listing credentials
-
gpg-agent support
- recent Python, python-gnupg and PyYAML
- GnuPG (and a keypair)
- Some 'key: value' type stuff (like login information) you want to encrypt with keys on your GPG keyring
- gnupg.vim A nice vim plugin for creating and modifying gpg encrypted text files.
-
Clone the repository:
git clone https://github.com/maxrp/cred.git && cd cred
-
Install the script:
python setup.py install --user
-
Copy the example config to it's proper place:
cp ./examples/credconf.yaml ~/.credconf.yaml
-
Edit ~/.credconf.yaml. Namely:
- Set "gpg_home" to the right value
- Set "credentials" to the place you would like to store these credentials. If the directory does not exist, it will be created.
- Set "default_key" to the UID of key you want to sign with, i.e. "Bob" or "Bob Dobbs" or "Bob Dobbs <[email protected]>"
- Add UIDs of trusted keys to default_recipients, if you like (the default_key will be appended to this list automatically)
-
Make sure you have ~/.local/bin in your path.
-
Try it out!
cred --help cred add example.net cred get --keys example.net cred get example.net password cred add alter-ego/example.net cred modify alter-ego/example.net cred get
-
cat lib/bash_completion.sh >> .bashrc
or whatever; for local completions I have a ~/.bash_completions which is sourced in my .bashrc and it's not an awful way to deal with personal completion preferences.
The quickest way to get a workable gpg-agent environment for any scenario:
gpg-agent --pinentry-program /usr/bin/pinentry-curses --daemon /bin/bash