Skip to content

otakup0pe/raziel-leger

BranchesTags

Repository files navigation

Lo-Fi Opsec and Chill

test workflow status Maintenance GitHub License

raziel-leger

Overview

| raziel - a Hebrew name for an archangel, loosely translating as "secret of god"

| leger - a French word for "light"

raziel-leger is a simple command-line tool for encrypting and decrypting files using OpenSSL. It provides a convenient way to manage sensitive information within a project.

Features

  • Encryption/Decryption: Easily encrypt and decrypt files using AES-256-CBC.
  • Secure Deletion: Uses shred (if available) to securely delete plaintext files.
  • Simple Configuration: Uses a straightforward configuration file to define key paths and directories.
  • In-place Initialization: Can encrypt a file "in-place" when setting up a project.

Installation

  1. Clone the repository: 
    git clone https://github.com/otakup0pe/raziel-leger.git
  2. Place the raziel-leger.sh script in your project's scripts directory.

Configuration

  1. Create a .raziel-leger.conf file in the root of your project.

  2. Add the following configuration options:

    # Path to the file containing the encryption password
KEYFILE="${HOME}/.cache/key"

# Directory to store encrypted files
SECRET_DIR="${ROOTDIR}/secrets"

# Directory to store decrypted files
DECRYPT_DIR="${HOME}/.cache/secrets"
    1. Create the Key File: The KEYFILE must be manually created and contain the password/key. For example: 
      mkdir -p "$(dirname "$KEYFILE")"
echo "your-secret-password" > "$KEYFILE"
chmod 600 "$KEYFILE"

    Note: It is highly recommended to add the DECRYPT_DIR and KEYFILE to your .gitignore to avoid committing sensitive information. Better yet, do not keep KEYFILE in source control, but perhaps in ~/.cache.

Usage

Note that <file> is not an absolute path. raziel-leger will use this, combined with the SECRET_DIR and DECRYPT_DIR to determine the encrypted/decrypted file paths.

raziel-leger <command> <file>

Commands

  • init <file>: Encrypt a file in-place. This is intended for initial project setup.
  • decrypt <file>: Decrypt a file.
  • encrypt <file>: Encrypt a file.
  • clean <file>: Securely remove the plaintext version of a file.
  • view <file>: Decrypt and display the content of a file, then clean up the plaintext version.

Testing

The project uses Bats-core (Bash Automated Testing System) for unit and functional testing, and ShellCheck for static analysis.

Local Testing

Ensure you have bats-core and shellcheck installed on your system. You can then run the entire test suite using make:

make test

This single command will:

  1. Run shellcheck against the main script and all test files.
  2. Execute the Bats test suite in the tests/ directory.

Continuous Integration

All commits to Pull Requests automatically run the test suite via a GitHub Actions workflow, ensuring code quality and functionality are maintained.

License

BSD

Author

The raziel-leger tool was created by Jonathan Freedman after the third time this kind of logic was implemented as lo-fi secrets management.

About

Lightweight Secret Management

Topics

secrets secrets-management openssl-tools

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages