Safe is a Vault Command Line Interface that makes reading from and writing to the Vault easier to do.
How to get this tool
To use this tool, please use a method listed below.
In a Linux (Debian OS), run the following command(s).
git clone https://github.com/starkandwayne/safe.git
Download directly from the following link:
How to execute
**If you run Homebrew on MacOS, be aware that the Formula for safe in homebrew core is outdated, incorrect, and unmaintained. We maintain our own tap, which you are encouraged to use instead:
brew tap starkandwayne/cf brew install starkandwayne/cf/safe
safe operates by way of sub-commands. To generate a new 2048-bit SSH keypair, and store it in secret/ssh:
safe ssh 2048 secret/ssh
To set non-sensitive keys, you can just specify them inline:
safe set secret/ssh username=system
If you use a password manager (good for you!) and don't want to have to paste passwords twice, use the paste subcommand:
safe paste secret/1pass/managed
Commands can be chained by separating them with the argument terminator, --, so to both create a new SSH keypair and set the username:
safe ssh 2048 secret/ssh -- set secret/ssh username=system
Auto-generated passwords are easy too:
safe gen secret/account passphrase
Sometimes, you just want to import passwords from another source (like your own password manager), without the hassle of writing files to disk or the risk of leaking credentials via the process table or your shell history file. For that, safe provides a double-confirmation interactive mode:
safe set secret/ssl/ca passphrase passphrase [hidden]: passphrase [confirm]:
What you type will not be echoed back to the screen, and the confirmation prompt is there to make sure your fingers didn't betray you.
All operations (except for delete) are additive, so the following:
safe set secret/x a=b c=d # is equivalent to this: safe set secret/x a=b -- set secret/x c=d
Need to take an existing password, and generate a crypt-sha512 hash, or base64 encode it? safe fmt will do this, and store the results in a new key for you, making it easy to generate a password, and then format that password as needed.
safe gen secret/account password safe fmt base64 secret/account password base64_pass safe fmt crypt-sha512 secret/account password crypt_pass safe get secret/account
- Apply for membership (free) at caribbeancspa.org > apply, if you have a photo ID from the Caribbean.
- View our list of Members at caribbeancspa.org > members.
This article was contributed by Racquel Bailey from Jamaica. Racquel is a member of the Caribbean CSPA.