share-secrets-safely (sheesy) is a solution for managing shared secrets in teams and build pipelines.
sy lets you set up a vault to store secrets and share
them with your team members and tooling.
However, it wants to be a one-stop-shop in a single binary without any dependencies except
helping users to work with the
gpg toolchain and work around peculiarities.
Please read the installation notes here.
The first steps, showing how to use the vault with a complete example and detailed explanations, can be found in the book.
gpg to be installed on the host
pass does really well is to set up a vault with minimal infrastructure and configuration. We use said infrastructure and don't reinvent the wheel.
sheesy vault with default configuration.
pass actually is and how difficult it can be to use it, especially in conjunction with
gpg, this project will not even look at the provided functionality but be driven by its project goals instead.
You will find various and probably biased and opinionated comparisons in our book. However, it's a fun read, and please feel free to make PRs for corrections.
vault recipients add <fingerprint>.
As you can see from the version numbers, this project dispenses major versions generously. This is mainly because, for the sake of simplicity, there is only a single version number for the CLI as well as all used libraries.
Effectively, you can expect that the CLI will change rarely, and if it does, only to improve the user experience. The more tests we write, the more certain shortcomings become evident.
The vault library and its types will change much more often, but we would expect it to settle from 5.0.
This should make the first release which can be publicised, as it should include all the material people might need to get started using sheesy comfortably.
The GPGME dependency is also the major flaw for usability, as it eventually goes down to the quirks of GPG itself. SEQUOIA is a pure-Rust implementation of the PGP protocol, which would greatly help make sheesy even more usable.
sy aims to be as usable as possible, and breaks compatibility where needed to
achieve that. However, to allow people to leverage its improved portability
thanks to it being self-contained, it should be possible to let it act as a
stand-in for pass.
Even though its output won't be matched, its input will be matched perfectly, as well as its behaviour.
And last but not least, there should be some sort of documentation, highlighting similarities and differences.
As a prerequisite, you should be sure the build is green.
clippy and fix all warnings with
cargo clippy --all-features --bin=sy
As a prerequisite you must have made a release and your worktree must be clean, with the HEAD at a commit.
For safety, tests will run once more as CI doesn't prevent you from publishing red builds just yet.
release.md file and copy it into the release text on GitHub.
doc/src/installation.md, update the URL to use the latest published version
make update-homebrew - it will push for you
make update-getting-started - it will push for you
Even though the documentation is currently updated with every push to master (to allow fixing the existing docs easily), the eye-candy on the front page needs to be regenerated too.
As a prerequisite, you will need an installed binary of
Please make sure your player is already linked to your account via
make asciinema-no-upload and verify it contains what you expect with
asciicast play getting-started.cast