LocalKeyVault 0.3.0

There is a newer version of this package available.
See the version list below for details.
dotnet tool install --global LocalKeyVault --version 0.3.0                
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local LocalKeyVault --version 0.3.0                
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=LocalKeyVault&version=0.3.0                
nuke :add-package LocalKeyVault --version 0.3.0                

Local Key Vault

A simple "local" Key Vault to improve the developer experience

  • Secrets are encrypted and stored in a local file
    • This file can safely be checked into git
  • The encryption key defaults to your SSH key (id_rsa)
    • You can use a shared key during vault creation
  • A one-way hash is generated (id_rsa.hash) automatically
    • You can share this hash with your development team
    • Simply save in your SSH directory
      • $HOME/.ssh
  • You are responsible for SSH key management

GitHub Codespaces and GitHub Actions allow you to securely inject secrets

  • See .devcontainer/on-create.sh for this example
    • LKV_HASH is the GitHub secret

# add hash from Codespaces secret
echo $LKV_HASH > $HOME/.ssh/id_rsa.hash
echo $LKV_HASH > $HOME/.ssh/id_shared.hash

Installation

Installed automatically in Codespaces


# requires dotnet SDK 6
dotnet tool install --global localkeyvault

Usage


# Show usage
lkv


Usage:
  lkv [command] [options]

Commands:
  create <vault>       Create a local key fault
  clear                Clear secrets from local vault
  get <key>            Get secret by key
  set <key> <value>    Set secret
  delete <key>         Delete secret by key
  list                 List secrets
  import <secretName>  Import secrets from Kubernetes
  export               Export secrets

Options:
  --version       Show version information
  -?, -h, --help  Show help and usage information

Quick Start


# create a new vault
lkv create myvault
cat myvault.lkv

# add some secrets
lkv set foo bar
lkv set bar foo

# check the file
cat myvault.lkv

# check the secrets
lkv list
lkv get foo
lkv get bar

# source into env vars
source <(lkv export env)
echo $foo
echo $bar

Kubernetes support with Codespaces

  • Codespaces creates a shared key at $HOME/.ssh/id_shared.hash
    • This is created in .devcontainer/on-create.sh per above

# if this fails, you don't have the shared key from the Codespaces secret
cat $HOME/.ssh/id_shared.hash

  • Since we have a shared secret, we are able to use the Secrets/cosmos.lkv file across our dev team and CI-CD

# create a Kubernetes cluster (k3d)
k3d cluster create

# get secrets
kubectl get secrets

# change to the secrets directory
cd Secrets

# check the secrets
lkv list
lkv get CosmosKey

# export the shared secret to the default namespace
lkv export k8s cosmos

# get secrets
kubectl get secrets cosmos

# export the secrets to key files
lkv export files

ll

cat CosmosKey
cat CosmosUrl

# .gitignore is configure to ignore Secrets/**
#    comsos.lkv was added with the --force option
# notice the Cosmos* files are NOT checked into git
#    you can generate them (i.e. for local debugging or CI-CD) with one command
#    make sure to add LKV_HASH as an "Actions secret" for CI-CD
git status

How to file issues and get help

This project uses GitHub Issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates. For new issues, file your bug or feature request as a new Issue.

For help and questions about using this project, please open a GitHub Issue.

Contributing

This project welcomes contributions and suggestions and has adopted the Contributor Covenant Code of Conduct.

For more information see the Code of Conduct FAQ.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Any use of third-party trademarks or logos are subject to those third-party's policies.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last updated
0.3.2 1,271 1/19/2022
0.3.1 965 1/18/2022
0.3.0 1,082 1/17/2022