LocalKeyVault 0.3.0
dotnet tool install --global LocalKeyVault --version 0.3.0
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local LocalKeyVault --version 0.3.0
#tool dotnet:?package=LocalKeyVault&version=0.3.0
nuke :add-package LocalKeyVault --version 0.3.0
Local Key Vault
A simple "local" Key Vault to improve the developer experience
- Secrets are encrypted and stored in a local file
  - This file can safely be checked into git
- The encryption key defaults to your SSH key (id_rsa)
  - You can use a shared key during vault creation
- A one-way hash is generated (id_rsa.hash) automatically
  - You can share this hash with your development team
  - Simply save in your SSH directory
    - $HOME/.ssh
- You are responsible for SSH key management
GitHub Codespaces and GitHub Actions allow you to securely inject secrets
- See .devcontainer/on-create.sh for this example
- LKV_HASH is the GitHub secret
# add hash from Codespaces secret
# (quoted so the secret value is not word-split or glob-expanded)
echo "$LKV_HASH" > "$HOME/.ssh/id_rsa.hash"
echo "$LKV_HASH" > "$HOME/.ssh/id_shared.hash"
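A hardened variant of the on-create step above, added here as an example and not taken from the LocalKeyVault repository: it refuses to write empty hash files when LKV_HASH was not injected and keeps the files owner-only. The function name `install_lkv_hash` and its optional directory argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not project code): write the LKV_HASH secret to the two
# hash files named on this page, with owner-only permissions.
# install_lkv_hash is a hypothetical helper name.

install_lkv_hash() {
    local ssh_dir="${1:-$HOME/.ssh}"
    local name target

    # Fail early instead of creating empty hash files when the
    # Codespaces/Actions secret was not injected.
    if [ -z "${LKV_HASH:-}" ]; then
        echo "LKV_HASH is not set; add it as a Codespaces/Actions secret" >&2
        return 1
    fi

    # Subshell: the restrictive umask does not leak into the caller.
    (
        umask 077
        mkdir -p "$ssh_dir" || exit 1
        chmod 700 "$ssh_dir" || exit 1
        for name in id_rsa.hash id_shared.hash; do
            target="$ssh_dir/$name"
            # Do not write the secret through a symlink.
            if [ -L "$target" ]; then
                echo "refusing to write through symlink: $target" >&2
                exit 1
            fi
            # printf avoids echo's option handling; the quotes prevent
            # word splitting and globbing of the secret value.
            printf '%s\n' "$LKV_HASH" > "$target" || exit 1
            chmod 600 "$target" || exit 1
        done
    )
}
```

Calling `install_lkv_hash` with no argument writes to $HOME/.ssh, the same location the two `echo` lines use.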
Installation
Installed automatically in Codespaces
# requires dotnet SDK 6
dotnet tool install --global localkeyvault
Usage
# Show usage
lkv
Usage:
  lkv [command] [options]
Commands:
  create <vault>        Create a local key fault
  clear                 Clear secrets from local vault
  get <key>             Get secret by key
  set <key> <value>     Set secret
  delete <key>          Delete secret by key
  list                  List secrets
  import <secretName>   Import secrets from Kubernetes
  export                Export secrets
Options:
  --version             Show version information
  -?, -h, --help        Show help and usage information
Quick Start
# create a new vault
lkv create myvault
cat myvault.lkv
# add some secrets
lkv set foo bar
lkv set bar foo
# check the file
cat myvault.lkv
# check the secrets
lkv list
lkv get foo
lkv get bar
# source into env vars
source <(lkv export env)
echo $foo
echo $bar
Kubernetes support with Codespaces
- Codespaces creates a shared key at $HOME/.ssh/id_shared.hash
  - This is created in .devcontainer/on-create.sh per above
# if this fails, you don't have the shared key from the Codespaces secret
cat $HOME/.ssh/id_shared.hash
- Since we have a shared secret, we are able to use the Secrets/cosmos.lkv file across our dev team and CI-CD
# create a Kubernetes cluster (k3d)
k3d cluster create
# get secrets
kubectl get secrets
# change to the secrets directory
cd Secrets
# check the secrets
lkv list
lkv get CosmosKey
# export the shared secret to the default namespace
lkv export k8s cosmos
# get secrets
kubectl get secrets cosmos
# export the secrets to key files
lkv export files
ll
cat CosmosKey
cat CosmosUrl
# .gitignore is configured to ignore Secrets/**
# cosmos.lkv was added with the --force option
# notice the Cosmos* files are NOT checked into git
# you can generate them (i.e. for local debugging or CI-CD) with one command
# make sure to add LKV_HASH as an "Actions secret" for CI-CD
git status
How to file issues and get help
This project uses GitHub Issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new Issue.
For help and questions about using this project, please open a GitHub Issue.
Contributing
This project welcomes contributions and suggestions and has adopted the Contributor Covenant Code of Conduct.
For more information see the Code of Conduct FAQ.
Trademarks
This project may contain trademarks or logos for projects, products, or services. Any use of third-party trademarks or logos is subject to those third parties' policies.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
This package has no dependencies.