kbsecret
- secret manager backed by Keybase
kbsecret
[options] <command [arguments]>
kbsecret
is a secret manager.
It can be used to manage username/password combinations, environment keys, code snippets, "to do" notes, files, and many other forms of structured data.
Internally, kbsecret
is just a directory structure containing JSON files
whose fields correspond to fields in Ruby objects. Those files
are written and read from KBFS, a fuse(8) filesystem using
Keybase. This provides transparent encryption via the key created or uploaded
through Keybase.
Since KBFS allows for transparent encryption between multiple Keybase users,
kbsecret
can share secrets between multiple users and via multiple "sessions,"
each of which can have an arbitrary number of users and records within it.
-h
, --help
Print general help information, including a list of all available commands.
This is an alias for the kbsecret-help(1) built-in.
-v
, --version
Print kbsecret
's version number.
This is an alias for the kbsecret-version(1) built-in.
These are the main commands provided by a normal kbsecret(1) installation.
You can customize your installation to include additional commands, which will appear in the list generated by kbsecret-commands(1) if made executable and placed on the $PATH.
All core kbsecret(1) commands respect (i.e., will not complain about) the following options. These are documented here (and only here) for the sake of brevity:
-V
, --verbose
Produce more verbose output, which is disabled by default.
Verbose output is emitted on the standard error stream.
-w
, --no-warn
Suppress warning output, which is enabled by default.
Warning output is emitted on the standard error stream.
--debug
Produce full backtraces on errors, instead of just short error messages.
Backtrace output is emitted on the standard error stream.
-h
, --help
Print help information for the command.
--introspect-flags
Print all flags (and subcommands) accepted by the command.
This is used primarily for tab completion, and is a parseable subset of the
output produced by -h
, --help
.
Some kbsecret
commands require environment settings. These will be specified
in their respective manual pages.
kbsecret
returns 0 on success, and nonzero on failure or error.
Records stored in KBFS are fully encrypted and as secure as the PGP private key used by Keybase. However, when KBFS is running on your logged-in computer, any same-user process can copy from it. This is no different from many other password and secret managers, but is worth remembering.
kbsecret
is maintained by William Woodruff.
kbsecret
is licensed under the terms of the MIT license.
The full text can be found under the "LICENSE" file in kbsecret
's source code,
which is available at https://github.com/kbsecret/kbsecret.
KBFS: https://keybase.io/docs/kbfs
Keybase: https://keybase.io/docs
kbsecret-configuration(5), pass(1), fuse(8)