kbsecret - secret manager backed by Keybase
kbsecret [options] <command [arguments]>
kbsecret is a secret manager.
It can be used to manage username/password combinations, environment keys, code snippets, "to do" notes, files, and many other forms of structured data.
kbsecret is just a directory structure containing JSON files
whose fields correspond to fields in Ruby objects. Those files
are written and read from KBFS, a fuse(8) filesystem using
Keybase. This provides transparent encryption via the key created or uploaded
Since KBFS allows for transparent encryption between multiple Keybase users,
kbsecret can share secrets between multiple users and via multiple "sessions,"
each of which can have an arbitrary number of users and records within it.
Print general help information, including a list of all available commands.
This is an alias for the kbsecret-help(1) built-in.
kbsecret's version number.
This is an alias for the kbsecret-version(1) built-in.
These are the main commands provided by a normal kbsecret(1) installation.
You can customize your installation to include additional commands, which will appear in the list generated by kbsecret-commands(1) if made executable and placed on the $PATH.
All core kbsecret(1) commands respect (i.e., will not complain about) the following options. These are documented here (and only here) for the sake of brevity:
Produce more verbose output, which is disabled by default.
Verbose output is emitted on the standard error stream.
Suppress warning output, which is enabled by default.
Warning output is emitted on the standard error stream.
Produce full backtraces on errors, instead of just short error messages.
Backtrace output is emitted on the standard error stream.
Print help information for the command.
Print all flags (and subcommands) accepted by the command.
This is used primarily for tab completion, and is a parseable subset of the
output produced by
kbsecret commands require environment settings. These will be specified
in their respective manual pages.
kbsecret returns 0 on success, and nonzero on failure or error.
Records stored in KBFS are fully encrypted and as secure as the PGP private key used by Keybase. However, when KBFS is running on your logged-in computer, any same-user process can copy from it. This is no different from many other password and secret managers, but is worth remembering.
kbsecret is maintained by William Woodruff.
kbsecret is licensed under the terms of the MIT license.
The full text can be found under the "LICENSE" file in
kbsecret's source code,
which is available at https://github.com/kbsecret/kbsecret.