A tool for securely storing and loading secrets into commandline tools.
Inspired by and related to envchain, aws-vault, chamber.
Chain works entirely locally and does not depend on any external services.
Methods:
hermit install chain
See docs for full commands
echo "AWS_SECRET_KEY_ID=FAKEKEY" | chain set aws-creds
chain get aws-creds
chain exec aws-creds -- aws s3 ls...
# ENV variables
CHAIN_PASSWORD=<password used in keychain for storing key>
CHAIN_STORE=[1-5 see chain.proto for examples]
CHAIN_DIR=<directory for files stored on disk, default=.chain>
See the proto for which stores are available and their respective cmd/*_store.go
and stores files for implementation. They can also be seen in proto.
chain
age
based backend to replace JOSEINDEX
keyk/v
pairs with UUID as outer key for filenameOriginally forked from https://github.com/evanphx/schain.