Python CLI to share secret files via github with symmetric encryption ed25519.
- IMPORTANT: The secret files should be git-ignored to avoid oblivious leakage.
- Temporarily supports only text files (only tested with
.env). - Best used to store/share secrets and configurations.
- Key should be a 32-byte long string, meanly, 32 ASCII, 16 two-byte UTF-8 or 8 four-byte UTF-8 characters.
- (FAQ) If you share with GitHub (like the example), please notice that there's a 5 minutes cool-down on refreshing. Detail However, GitHub Gist seems doesn't have this cool-down limitation.
- Install CLI:
pip3 install symmetric-secret-share. - Check the Tutorial Chapter and
sss --help. - Recommended: set up a global key chain with
sss key, or you would have to input a key every time. - Get a config like
$REPO_ROOT/tests/injection/sss.json. The JSON-schema in$schemaof this file will help you write the config file.
-
Get a config file like
$REPO_ROOT/tests/injection/sss.json. -
Run CLI
sss inject [-k TEXT] CONFIG_PATH
-
Run CLI
sss share [-k TEXT] CONFIG_PATH
-
Run CLI
sss key [-c/f/g] # -g: generate one key, -c: clear key chain, -f: force -
Upload the generated file to GitHub (or other platforms).
-
Update the config file if needed.
- There are
256**32==1,15e+77keys of 32 of ASCII (one-byte utf-8 string). - To generate ASCII key, you can use
sss key --generate. - To generate two-byte utf-8 string, a possibility is to use onlineutf8tools
- Created for Artcoin-Network, modifying a private repo Artcoin-Network/artificial-dev-config.
- To contribute, please fork the repo and run
poetry install. - Read more in CONTRIBUTE.md
In this tutorial, all commands are assumed to be run under the $REPO_ROOT. We are going to use these concepts and variables:
- key chain: A file to share key, initialized with
sss key. - key:
This key contains 32 characters.. - URL:
https://raw.githubusercontent.com/PabloLION/symmetric-secret-share/main/tests/example.encrypted.
We are going to play with the folder test/injection, with the sss.json file inside it. To share your own file, a new config file should be created.
sss key # create/edit
sss key -c # clear all keysThese code will generate a test/injection/target.env like test/example.env
sss inject ./tests/injection/sss.json # use key from initial key chain
sss inject -k "This key contains 32 characters." ./tests/injection/sss.json
sss inject ./tests/injection/sss.json -k "I'm a string with 32 characters." # failNeed to upload manually #TODO
These code will generate a test/injection/target.encrypted
sss share ./tests/injection/sss.json # use key from initial key chain
sss share -k "This key contains 32 characters." ./tests/injection/sss.json