README
¶
Scy secure secret store CLI client
Installation
Latest binary can be found in release section
On x64 OSX
wget https://github.com/viant/scy/releases/download/v0.1.0/scy_darwin_x64.tar.gz
tar xvzf scy_darwin_x64.tar.gz
cp scy /usr/local/bin
On x64 Linux
wget https://github.com/viant/scy/releases/download/v0.1.0/scy_linux_x64.tar.gz
tar xvzf scy_darwin_x64.tar.gz
cp scy /usr/local/bin
Usage
./scy -h
You can use any afs supported storage, also including the following secret store managers:
- GCP Google Secret Manager
i.e
"gcp://secretmanager/projects/my-project/secrets/my_secret" - AWS - Secret Manager
i.e
aws://secretmanager/us-west-1/secret/prod/my/mysecret1 - AWS - System Manager - Parameter
i.e
aws://ssm/us-west-1/parameter/myParamX
To use AWS make the following files are present
~/.aws/config
[default]
region = us-west-1
~/.aws/credentials
[default]
aws_access_key_id = KEY HERE
aws_secret_access_key = SECRET HERE
To use GCP auth
export GOOGLE_APPLICATION_CREDENTIALS=myGoogle.secret
Securing secrets
Text
scy -m=secure -d=gcp://secretmanager/projects/viant-e2e/secrets/my_raw_secret1 -k=blowfish://default -t=raw ```
Basic credential
The source and dest can by any file system including local FS.
./scy -m=secure -s=unsecure_cred.json -d=securet_cred.json -k=blowfish://default -t=basic
SHA1
scy -m=secure -s=mySHA1.json -d=gcp://secretmanager/projects/myProject/secrets/my_secret1 -k=blowfish://default -t=sha1
where mySHA1.json uses the following format
{"IntegrityKey":"base64encodedIntegrityKey","Key":"base64encodedKey"}
Revealing secrets
Text
scy -m=reveal -s=gcp://secretmanager/projects/viant-e2e/secrets/aw1test -k=blowfish://default -t=ra
Basic credential
The source and dest can by any file system including local FS.
./scy -m=reveal -s=securet_cred.json -k=blowfish://default -t=basic
SHA1
scy -m=reveal -s=gcp://secretmanager/projects/myProject/secrets/my_secret1 -k=blowfish://default -t=sha1
Documentation
¶
Index ¶
- func Auth(auth *AuthCmd) error
- func AuthFirebase(auth *AuthCmd) error
- func Authorize(auth *AuthorizeCmd) error
- func Reveal(reveal *RevealCmd) error
- func Run(args []string)
- func RunWithCommands(args []string)
- func Secure(secure *SecureCmd) error
- func SignJwtClaim(sign *SignJwtCmd) error
- func VerifyFirebaseJwtClaim(ctx context.Context, verify *VerifyJwtCmd) error
- func VerifyJwtClaim(verify *VerifyJwtCmd) error
- type AuthCmd
- type AuthorizeCmd
- type Options
- type RevealCmd
- type SecureCmd
- type SignJwtCmd
- type TypedSource
- type VerifyJwtCmd
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthFirebase ¶ added in v0.9.0
AuthFirebase handles Firebase authentication
func Authorize ¶ added in v0.20.0
func Authorize(auth *AuthorizeCmd) error
Authorize handles authorization
func RunWithCommands ¶ added in v0.20.0
func RunWithCommands(args []string)
RunWithCommands runs the command-based CLI
func SignJwtClaim ¶ added in v0.2.1
func SignJwtClaim(sign *SignJwtCmd) error
SignJwtClaim signs JWT claims
func VerifyFirebaseJwtClaim ¶ added in v0.9.0
func VerifyFirebaseJwtClaim(ctx context.Context, verify *VerifyJwtCmd) error
VerifyFirebaseJwtClaim verifies Firebase JWT claims
func VerifyJwtClaim ¶ added in v0.2.1
func VerifyJwtClaim(verify *VerifyJwtCmd) error
VerifyJwtClaim verifies JWT claims
Types ¶
type AuthCmd ¶ added in v0.20.0
type AuthCmd struct {
TypedSource
Firebase bool `short:"f" long:"firebase" description:"firebase"`
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
ProjectId string `short:"p" long:"projectId" description:"project id"`
}
AuthCmd command for authentication
type AuthorizeCmd ¶ added in v0.20.0
type AuthorizeCmd struct {
AuthFlow string `short:"a" long:"authFlow" description:"authentication flow (Browser or OOB)" choice:"OOB" choice:"Browser" `
ConfigURL string `short:"c" long:"configURL" description:"OAuth2 config URL"`
SecretsURL string `short:"e" long:"secretsURL" description:"secrets URL for username/password"`
Scopes []string `short:"s" long:"scopes" description:"OAuth2 scopes"`
UsePKCE bool `short:"p" long:"usePKCE" description:"use PKCE for OAuth2 flow"`
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
}
AuthorizeCmd command for authorization
func (*AuthorizeCmd) Execute ¶ added in v0.20.0
func (a *AuthorizeCmd) Execute(args []string) error
Execute runs the authorize command
func (*AuthorizeCmd) Init ¶ added in v0.20.0
func (a *AuthorizeCmd) Init()
Init normalizes file locations
func (*AuthorizeCmd) Validate ¶ added in v0.20.0
func (a *AuthorizeCmd) Validate() error
Validate validates the authorize command options
type Options ¶
type Options struct {
Secure *SecureCmd `command:"secure" description:"secures secrets"`
Reveal *RevealCmd `command:"reveal" description:"reveals secrets"`
SignJwt *SignJwtCmd `command:"signJwt" description:"sign JWT"`
VerifyJwt *VerifyJwtCmd `command:"verifyJwt" description:"verify JWT"`
Authorize *AuthorizeCmd `command:"authorize" description:"authorize using OAuth2"`
}
Options is the main command structure with command annotations
type RevealCmd ¶ added in v0.20.0
type RevealCmd struct {
TypedSource
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
}
RevealCmd command for revealing secrets
type SecureCmd ¶ added in v0.20.0
type SecureCmd struct {
TypedSource
DestURL string `short:"d" long:"dest" description:"dest location"`
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
}
type SignJwtCmd ¶ added in v0.20.0
type SignJwtCmd struct {
TypedSource
RSAKey string `short:"r" long:"rsa" description:"private/public key location"`
HMacKey string `short:"a" long:"hmac" description:"hmac key location (base64 encoded)"`
ExpirySec int `short:"e" long:"expiry" description:"expiry TTL in sec"`
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
}
SignJwtCmd command for signing JWT tokens
func (*SignJwtCmd) Execute ¶ added in v0.20.0
func (s *SignJwtCmd) Execute(args []string) error
Execute runs the signJwt command
func (*SignJwtCmd) Init ¶ added in v0.20.0
func (s *SignJwtCmd) Init()
Init normalizes file locations
func (*SignJwtCmd) Validate ¶ added in v0.20.0
func (s *SignJwtCmd) Validate() error
Validate validates the signJwt command options
type TypedSource ¶ added in v0.20.0
type VerifyJwtCmd ¶ added in v0.20.0
type VerifyJwtCmd struct {
TypedSource
RSAKey string `short:"r" long:"rsa" description:"private/public key location"`
HMacKey string `short:"a" long:"hmac" description:"hmac key location (base64 encoded)"`
Firebase bool `short:"f" long:"firebase" description:"firebase"`
Key string `short:"k" long:"key" description:"key i.e blowfish://default"`
ProjectId string `short:"p" long:"projectId" description:"project id"`
}
VerifyJwtCmd command for verifying JWT tokens
func (*VerifyJwtCmd) Execute ¶ added in v0.20.0
func (v *VerifyJwtCmd) Execute(args []string) error
Execute runs the verifyJwt command
func (*VerifyJwtCmd) Init ¶ added in v0.20.0
func (v *VerifyJwtCmd) Init()
Init normalizes file locations
func (*VerifyJwtCmd) Validate ¶ added in v0.20.0
func (v *VerifyJwtCmd) Validate() error
Validate validates the verifyJwt command options
Source Files
Click to show internal directories.
Click to hide internal directories.