plyint / encpass.sh Goto Github PK
View Code? Open in Web Editor NEWLightweight solution for using encrypted passwords in shell scripts
License: MIT License
encpass.sh's People
Contributors
Stargazers
Watchers
Forkers
lummar etopeter unders izogain vicmac icakir chosen1 neuroradiology ksmaheshkumar a12o cloudxtreme yutaoxu waltspence lguzzon arievengeanc3 stackpoet nightcrawler123 hiranp gadric reddysainathn eespinal nehalecky jurya gregabi iit-ccserver juliusl mkyrychenko sasecio synack-securities binlab binlabnet psibot kiwicloudmaster pisut4152 tjx666 allenlii zabrane crowedavid shniranjan zakariasemlali timtaylor64 vdrhorst amardeepl11encpass.sh's Issues
basename: invalid option -- 'b'
Hello @ahnick,
Hope you are doing well. We are trying to use encpass in centos v 6.5. But we are facing some errors. Could you please suggest what went wrong?
[eretail@eretailapp01 DO_NOT_DELETE]$ . encpass.sh
basename: invalid option -- 'b'
Try `basename --help' for more information.
[eretail@eretailapp01 DO_NOT_DELETE]$ ll
total 52
-rwxr-xr-x 1 eretail eretail 47467 Jun 23 13:11 encpass.sh
-rwxr-xr-x 1 eretail eretail 1349 Jun 3 10:13 start_services.sh
[eretail@eretailapp01 DO_NOT_DELETE]$ cat /etc/*release
CentOS release 6.5 (Final)
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
[eretail@eretailapp01 DO_NOT_DELETE]$
How to use in MacOS
I install it by:
curl https://raw.githubusercontent.com/ahnick/encpass.sh/master/encpass.sh -o /usr/local/bin/encpass.shEvery I using it ask me permission, after I give it permission, it still doesn't work.
lock command does not work on macOS
Running encpass.sh lock on macOS aborts with following error:
Enter Password to lock keys:
Confirm Password:
Locking key bucket1...
usage: enc -ciphername [-AadePp] [-base64] [-bufsize number] [-debug]
[-in file] [-iv IV] [-K key] [-k password]
[-kfile file] [-md digest] [-none] [-nopad] [-nosalt]
[-out file] [-pass arg] [-S salt] [-salt]
-A Process base64 data on one line (requires -a)
-a Perform base64 encoding/decoding (alias -base64)
-bufsize size Specify the buffer size to use for I/O
-d Decrypt the input data
-debug Print debugging information
-e Encrypt the input data (default)
-in file Input file to read from (default stdin)
-iv IV IV to use, specified as a hexadecimal string
-K key Key to use, specified as a hexadecimal string
-md digest Digest to use to create a key from the passphrase
-none Use NULL cipher (no encryption or decryption)
-nopad Disable standard block padding
-out file Output file to write to (default stdout)
-P Print out the salt, key and IV used, then exit
(no encryption or decryption is performed)
-p Print out the salt, key and IV used
-pass source Password source
-S salt Salt to use, specified as a hexadecimal string
-salt Use a salt in the key derivation routines (default)
-v Verbose
Valid ciphername values:
-aes-128-cbc -aes-128-cbc-hmac-sha1 -aes-128-cfb
-aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr
-aes-128-ecb -aes-128-gcm -aes-128-ofb
-aes-128-xts -aes-192-cbc -aes-192-cfb
-aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr
-aes-192-ecb -aes-192-gcm -aes-192-ofb
-aes-256-cbc -aes-256-cbc-hmac-sha1 -aes-256-cfb
-aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr
-aes-256-ecb -aes-256-gcm -aes-256-ofb
-aes-256-xts -aes128 -aes192
-aes256 -bf -bf-cbc
-bf-cfb -bf-ecb -bf-ofb
-blowfish -camellia-128-cbc -camellia-128-cfb
-camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb
-camellia-128-ofb -camellia-192-cbc -camellia-192-cfb
-camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb
-camellia-192-ofb -camellia-256-cbc -camellia-256-cfb
-camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb
-camellia-256-ofb -camellia128 -camellia192
-camellia256 -cast -cast-cbc
-cast5-cbc -cast5-cfb -cast5-ecb
-cast5-ofb -chacha -des
-des-cbc -des-cfb -des-cfb1
-des-cfb8 -des-ecb -des-ede
-des-ede-cbc -des-ede-cfb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb
-des-ofb -des3 -desx
-desx-cbc -gost89 -gost89-cnt
-gost89-ecb -id-aes128-GCM -id-aes192-GCM
-id-aes256-GCM -rc2 -rc2-40-cbc
-rc2-64-cbc -rc2-cbc -rc2-cfb
-rc2-ecb -rc2-ofb -rc4
-rc4-40 -rc4-hmac-md5
Error: The key fle and/or lock file were not found as expected for key bucket1.
Locked 0 keys.
Command to store password
Hey @ahnick
Thank you for creating such a nice solution. I used it around 1 year ago but forgot how to save password in a bucket or as a standalone. Nor could I find any such direction anywhere. Could you please share commands to create password? Because I only know how to fetch the password
get_secret error
a small problem anyhow
I removed all - download encpass.sh again and did
[dbadmin@luechdb61 scripts]$ ./encpass.sh add db2Deploy.sh dbllua2
Adding secret "dbllua2" to bucket "db2Deploy.sh"...
Enter dbllua2:
Confirm dbllua2:
repeated for different users
retrieve : ok
[dbadmin@luechdb61 scripts]$ ./encpass.sh show
db2Deploy.sh:
dbllua1 = 9iOU0TBSXafvqKnH037c
dbllua2 = wwxICOwW0HJkjzrez49P
dbllud1 = VCYzqhvc8C1XMW6Uvfzc
dbllud2 = TgdTi4WJec3x55J17AwF
but when using
[dbadmin@luechdb61 scripts]$ get_secret db2Deploy.sh dbllua2
basename: invalid option -- 'b'
Try 'basename --help' for more information.
wwxICOwW0HJkjzrez49P
the password is correct bu complaining about basename
is this correct or only valid if called from db2Deploy.sh
best regards, Guy
encpass in script
when I use encpass from command line : no problem
#!/bin/sh
label=$1
. ./encpass.sh
password=$(get_secret $label)
echo "passw $password
[dbadmin@luechdb61 scripts]$ ./secret.sh dbllud1
passw VCYzqhvc8C1XMW6Uvfzc
[dbadmin@luechdb61 scripts]$ ./secret.sh dbllud2
passw TgdTi4WJec3x55J17AwF
password is correctly retrieved
now I call it from another script
......
usr_name=$(echo ${server_name} |cut -d ':' -f3)
echo "handling script_name ${Scr_nme} for server_name : ${srv_name=} dbname : ${db_name} "
. ./encpass.sh
password=$(get_secret ${usr_name})
....
in this case : I also echoed the input and is correct
but get_secret does not recognize this and wants to create a new entry although the entry is correctly displayed
[dbadmin@luechdb61 scripts]$ ./db2Deploy.sh -s scr.sql -m deploy.lst -e d
handling script_name scr.sql for server_name : luechdb61 dbname : IEEINT
xdbllud1x <--- echo from script x${usr_name}x
Enter dbllud1:
stty: standard input: Inappropriate ioctl for device
stty: standard input: Inappropriate ioctl for device
what could be the reason for this ?
thanks for all answer
best regards, Guy
Secrets don't properly get exported on ubuntu 20.04
Secrets don't properly get exported on ubuntu 20.04. I'm having trouble exporting them without having to enter them again on ubuntu. On Both different servers and the same server as root
help command doesn't work in macOS
The man command in macOS doesn't support the -l option.
$ encpass.sh help
man: invalid option -- l
man, version 1.6g
usage: man [-adfhktwW] [section] [-M path] [-P pager] [-S list]
[-m system] [-p string] name ...
this duplicates (badly) the pass functionality
there is a gold standard for this which integrates directly with git
https://www.passwordstore.org
good luck!
Key files named as dot files do not get locked or unlocked
Thanks for the useful (and well thought out) tool.
Key files are named per the originating script. If the user has named that script as a dot file, encpass.sh will name the key file as such. When using the lock and unlock function, they do not match dot files. A quick fix that worked for me was to add shopt -s dotglob to the top of the encpass.sh script. There are probably better ways to do this.
Confusing positional parameters for get_secret
With newest changes we're using function get_secret param1 param2 are confusing.
Current behavior:
if I put get_secret param1 I will get secret param1 for label of current script name
if I put get_secret param1 param2 I will get secret param2 for label param1
if i put get_secret (without parameters) I will get secret "password" and label script name
param1 and param2 meaning changes depending on number of parameters.
Positional parameters should always mean the same. Since this function is used by programmers we should require all parameters. This way it always clear what password you're getting/setting. Default settings could be set for command line interface users.
if [ ! -z $1 ] && [ ! -z $2 ]; then
LABEL=$1
SECRET_NAME=$2
elif [ ! -z $1 ]; then
LABEL=$(basename $0)
SECRET_NAME=$1
...
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.