1 unstable release
Uses old Rust 2015
0.1.0 | Jun 16, 2017
#12 in #secret-store
30KB
600 lines
Morocco
Store your secrets securely in the cloud.
Morocco is a command-line secrets store supporting AWS (implemented) and Google Cloud Platform (coming soon).
How to install
Download the latest binary from the releases page. There are binaries for Mac and Linux.
(Optional) put the binary somewhere on your $PATH.
How to use
Initial setup
Before you can start storing secrets, you will need to run morocco aws setup.
This will create a DynamoDB table and a KMS (Key Management Service) customer master key.
$ morocco aws setup
Set up complete. Created Dynamo table. Created customer master key.
Storing a secret
Use the "put" command to store a secret:
$ morocco aws put db.password so-very-secret
Stored secret.
Here db.password is an identifier for the secret, and so-very-secret is the value you want to store securely.
If a secret with that ID already exists and you want to update it, use the --overwrite option:
$ morocco aws put --overwrite db.password new-value
Stored secret.
Getting a secret
$ morocco aws get db.password
new-value
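One way to use the get command from a deployment script, shown as an added example that is not part of the Morocco project: the wrapper below hands secrets to a single child process through its environment and refuses to start the command if any lookup fails. The function name with_morocco_secrets and the VAR=secret.id mapping syntax are hypothetical, and the example assumes morocco is on $PATH and exits non-zero when a lookup fails.

```shell
# Added example (not Morocco's own code). Assumes `morocco` is on $PATH and
# that `morocco aws get` exits non-zero on failure; an empty result is also
# treated as a failure so the command never starts with a missing secret.
#
# Usage: with_morocco_secrets VAR=secret.id [VAR=secret.id ...] -- command [args...]
with_morocco_secrets() {
    (   # Subshell: exported secrets never reach the calling shell.
        while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
            case "$1" in
                *=*) ;;
                *) echo "expected VAR=secret.id, got: $1" >&2; exit 2 ;;
            esac
            var=${1%%=*}    # text before the first '='
            id=${1#*=}      # text after the first '='
            # Accept only names that are valid environment variable names.
            case "$var" in
                ''|[0-9]*|*[!A-Za-z0-9_]*)
                    echo "invalid variable name: $var" >&2; exit 2 ;;
            esac
            # Fail closed. Command substitution strips trailing newlines.
            value=$(morocco aws get "$id") || {
                echo "cannot read secret: $id" >&2; exit 3; }
            [ -n "$value" ] || { echo "empty secret: $id" >&2; exit 3; }
            export "$var=$value"
            shift
        done
        [ "${1:-}" = "--" ] || { echo "missing -- before command" >&2; exit 2; }
        shift
        [ "$#" -gt 0 ] || { echo "missing command" >&2; exit 2; }
        # The secret is passed in the environment, not on the command line,
        # so it does not appear in the child's argument list.
        exec "$@"
    )
}
```

For example, `with_morocco_secrets DB_PASSWORD=db.password -- ./run-migrations` starts the (hypothetical) run-migrations program with DB_PASSWORD set only for that process.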
Listing secrets
$ morocco aws list
db.password
other.secret
Deleting a secret
$ morocco aws delete db.password
Deleted secret.
Encryption
Secrets are encrypted using AES-256 in CBC (Cipher Block Chaining) mode with PKCS padding. IVs are secure random bytes.
Mole
Morocco Mole is the sidekick of Secret Squirrel, who knows a thing or two about security.
Acknowledgements
Morocco was inspired by credstash.
Dependencies
~21–30MB
~558K SLoC