Hi, I've spent a lot of time just to understand that the download link is pointing to really old version ( most probably ) and most of the things do not work at all. At the end I've just compiled it and it seems much much better now. Maybe a new link should be provided or at least to be putted some note for that ?

go-etcd has been deprecated for a long time. switch to github.com/coreos/etcd/client.

additionally, the v3 API has just been released in etcd 2.3.0. crypt should somehow support the v3 api.

github.com/armon/consul-api is long deprecated

Yet it is used by backend/consul/consul.go

hi,
I am in the process of setting up crypt and I hit this issue with the new GnuPG 2.1 which have removed secring file.

https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring

and idea how I can get crypt to work?

thanks,
eddie

I see, here are so many dead discussions and PRs
@bketelsen , am I understand correctly this project is dead now? And an active project is this one: https://github.com/bketelsen/crypt ?

Please file issues and PRs against bketelsen/crypt.

at the moment I see no possibility to connect via https
crypt -backend consul -endpoint ENDPOINT ...
becomes http://ENDPOINT

in backend.consul.consul.New just the Address is set ( and not Scheme)

From the documentation page, it states "After encryption, it is gzip'd, and base64 encoded so it can be stored in your key/value store of choice." I am wondering what the intuition is behind this?

Compression is only useful for non-random (especially text) data and whereas encryption attempts to output seemingly random data (across a uniform distribution). Clearly crypt shouldn't do the alternative of compress then encrypt as that opens up to other attacks such as seen with CRIME. So why encrypt then compress?

Hi,

The go install github.com/xordataexchange/crypt/bin/crypt URL seems to be broken, I get a 404. There doesn't seem to be Windows binaries to install either.

Thanks.

I'd love to see Zookeeper support. Trying to decide between etcd and zookeeper. It'd be nice if we could use crypt in either case.

GPG 2.1+ doesn't use secret keyring anymore. Is there a possible workaround? GnuPG 2.1 (and upwards) switched to a new keyring format with better performance. For newly generated keyrings, the keys are stored in the pubring.kbx file. Another change was merging public and private keyrings, that's why there is no additional secring.kbx.

see:
https://github.com/buth/stocker

Their Exec subcommand is a really great idea. Investigate implementing this in Crypt?

cc: @buth

Hey guys, I have some ideas that I wanted to discuss before doing any work in regards to encoding.

I think encoding should have an interface, similar to how the backend is already set up, allowing more encoding types.

Then, instead of separating the config manager into the two different standard and encoded types, it'd be a single one that would contain the backend and the encoder. If the encoder was nil, it would just add it to the store without any encoding. If it was not nil, it would call .Encode() on it and add it. Unfortunately, this would break backwards compatibility, but I think is an overall win in simplicity.

In the future, I'd like to add using the AWS Key Management Service as an encoding type (using AES from the GenerateDataKey() call). KMS would need to be added to goamz first, or we could make our own implementation here and just use a normal httpclient.

Let me know your thoughts on the matter, thanks!

Hey there,

This project looks great, thanks. We're evaluating various tools for managing secrets, and so far this looks like the most effective yet simple option out there. However I've noticed that there has been almost no repo activity in two years. Is this project still being actively developed/maintained?