
nlamirault/enigma


Enigma

License Apache 2

Master :

  • Circle CI

Develop :

  • Circle CI

This tool is a personal safe.

Storage backend

Secret provider

Installation

You can download the binaries :

Configuration

Enigma's configuration uses the TOML format. The file is located at $HOME/.config/enigma/enigma.toml.

KMS

To use Amazon KMS :

  • Create a KMS key via the AWS Console and store its ID (a UUID)

  • Set up the AWS region

  • Set up the configuration file :

      [kms]
      region = "eu-west-1"
      keyID = "xxxx-xxxx-xxxx"
    

S3

  • Set up the configuration file :

      [s3]
      region = "eu-west-1"
      bucket = "my-enigma-bucket"
    
  • Initialize your bucket in S3 :

      $ enigma bucket --debug create
      Create bucket
      2016/01/14 23:45:10 [DEBUG] Amazon S3 Create bucket : cdcdscsdcsd
      2016/01/14 23:45:11 [DEBUG] Amazon S3 {
          Location: "http://cdcdscsdcsd.s3.amazonaws.com/"
      }
      Bucket successfully created
    

GPG

Specify the email to use with your public key:

    [gpg]
    email = "foo.bar@gmail.com"

BoltDB

  • Set up the configuration file :

      [boltdb]
      file = "/tmp/enigma.db"
      bucket = "enigma"
    
  • Create your bucket :

      $ enigma bucket --debug create
      2016/01/14 23:57:11 Create /tmp/enigma
      Create bucket
      Bucket successfully created
    

Example

    # enigma.toml

    # Encryption provider
    backend = "gpg"

    # Storage backend
    storage = "boltdb"

    [gpg]
    email = "foo.bar@gmail.com"

    [kms]
    region = "eu-west-1"
    keyID = "xxxx-xxxx-xxxx"

    [aes]
    key = "abcdefghijklmnop"

    [s3]
    region = "eu-west-1"
    bucket = "mybucket"

    [boltdb]
    file = "/tmp/enigma.db"
    bucket = "enigma"
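
A pre-flight check for the configuration shown above, as an added example that is not part of Enigma: it flags a cleartext [aes] key kept in a file that group or other users can access, a key whose length is not a valid AES key size, and a BoltDB file placed under /tmp. The parse and audit helpers are hypothetical names, and the check assumes the key string is used directly as the AES key.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// sample: constructed input, trimmed from the example configuration above.
const sample = `[aes]
key = "abcdefghijklmnop"
[boltdb]
file = "/tmp/enigma.db"
`

// parse reads [section] and key = "value" lines into a flat "section.key" map.
func parse(text string) map[string]string {
	cfg, sec := map[string]string{}, ""
	for _, l := range strings.Split(text, "\n") {
		l = strings.TrimSpace(l)
		if strings.HasPrefix(l, "[") && strings.HasSuffix(l, "]") {
			sec = strings.Trim(l, "[]") + "."
		} else if kv := strings.SplitN(l, "=", 2); len(kv) == 2 && !strings.HasPrefix(l, "#") {
			cfg[sec+strings.TrimSpace(kv[0])] = strings.Trim(strings.TrimSpace(kv[1]), `"`)
		}
	}
	return cfg
}

// audit returns findings for a config text and the mode of the file holding it.
func audit(text string, mode os.FileMode) []string {
	cfg, out := parse(text), []string{}
	key, ok := cfg["aes.key"] // assumed: the string is used directly as the AES key
	if n := len(key); ok && n != 16 && n != 24 && n != 32 {
		out = append(out, fmt.Sprintf("aes.key is %d bytes, not 16, 24 or 32", n))
	}
	if ok && mode.Perm()&0o077 != 0 {
		out = append(out, fmt.Sprintf("cleartext aes.key in a file with mode %04o", mode.Perm()))
	}
	if strings.HasPrefix(cfg["boltdb.file"], "/tmp/") {
		out = append(out, "boltdb.file is under /tmp, a directory shared by all local users")
	}
	return out
}

func main() {
	for _, f := range audit(sample, 0o644) { // 0644: constructed file mode
		fmt.Println("WARN:", f)
	}
}
```

To run it against a real file, pass the contents of $HOME/.config/enigma/enigma.toml and the mode returned by os.Stat to audit.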

Usage

KMS / BoltDB

  • List all secrets:

      $ enigma secret list
      List secrets :
    
  • Store a new secret :

      $ enigma secret --key="mysecret" --text="mypassword" put
      Store secret text mypassword with key mysecret
      Successfully uploaded data with key mysecret
    
      $ enigma secret list
      List secrets :
      - mysecret
    
  • Retrieve a secret :

      $ enigma secret --key="mysecret" get
      Retrive secret text for key : mysecret
      Decrypted: mypassword
    

GPG / BoltDB

  • Store a new secret :

      $ enigma secret --debug --key="nicolas" --text="mypassword" put
      2016/01/14 23:08:04 [DEBUG] Init BoltDB storage : /tmp/enigma.db
      Store secret text mypassword with key nicolas
      2016/01/14 23:08:04 [DEBUG] GPG Open public keyring /home/nlamirault/.gnupg/pubring.gpg
      2016/01/14 23:08:04 [DEBUG] GPG Read public keyring
      2016/01/14 23:08:04 [DEBUG] GPG Search key into keyring using nicolas.lamirault@gmail.com
      2016/01/14 23:08:04 [DEBUG] Put : nicolas -----BEGIN PGP MESSAGE-----
      [...]
      4AHkPJd4QQaimnFACYR8pTeEUuEgOODO4Arhwt/gDOKYMAIv4ILjI5qsqqWR+qjg
      zOF8/+Dp5GSbF7vp19ilGb8OubCpgHTiL/fIquGi8AA=
      =9agp
      -----END PGP MESSAGE-----
      Successfully uploaded data with key nicolas
    
  • Retrieve a secret :

      $ bin/enigma secret --debug --key="nicolas" get
      2016/01/14 23:10:06 [DEBUG] Init BoltDB storage : /tmp/enigma.db
      Retrive secret text for key : nicolas
      2016/01/14 23:10:06 [DEBUG] Search entry with key : nicolas
      2016/01/14 23:10:06 [DEBUG] GPG Search key into keyring using nicolas.lamirault@gmail.com
      GPG Passphrase:
      2016/01/14 23:10:11 [DEBUG] GPG Decrypting private key using passphrase
      2016/01/14 23:10:11 [DEBUG] GPG Finished decrypting private key using passphrase
      Decrypted: mypassword
    

Development

  • Initialize the environment :

      $ make init
    
  • Build tool :

      $ make build
    
  • Launch unit tests :

      $ make test
    

Contributing

See CONTRIBUTING.

License

See LICENSE for the complete license.

Changelog

A changelog is available

Contact

Nicolas Lamirault nicolas.lamirault@gmail.com