10 releases (4 breaking)
0.6.5 | Jan 4, 2022 |
---|---|
0.6.2 | Jan 4, 2022 |
0.6.0 | Jul 22, 2021 |
0.5.0 | Jul 19, 2021 |
0.2.4-alpha.0 | May 25, 2021 |
#586 in Configuration
30 downloads per month
30KB
701 lines
scoob
Scoob is a secrets management tool, designed to make managing your development and production secrets easier, and cloud-agnostic.
Secrets are encrypted using Sodium sealed boxes.
Installing
brew install hostyhosting/tap/scoob
Shell (Mac, Linux):
curl -fsSL https://scoob-rs.netlify.app/install.sh | sh
PowerShell (Windows):
iwr https://scoob-rs.netlify.app/install.ps1 -useb | iex
Build and install from source using Cargo:
cargo install scoob --locked
Docker
docker run -it --init hostypost/scoob:latest
In your Dockerfile
FROM hostypost/scoob:latest AS scoob
# Later in your Dockerfile...
COPY --from=scoob /usr/local/bin/scoob /usr/bin/scoob
Getting Started
First, you'll want to create a secrets file:
scoob manage ./secrets.yml
This will open your editor with an example Scoob configuration file. A pair of public and secret keys will auto-generated and provided in the file. Make sure you don't commit these into your repository, and instead replace them with values provided dynamically via environment variables. When you close your editor, all of the values under configuration:
will be encrypted, and the file will be written to disk.
At a later point, you can add additional secrets by running the same command:
scoob manage ./secrets.yml
We recommend creating a separate secrets file for development and production. This way, you can keep your production keys separate.
To use these secrets, you can start a process with Scoob:
scoob start ./secrets.yml <command...>
This will decrypt the secrets in the file, and will run the command with the secrets added to the environment variables.
File Encryption
Scoob also supports encrypting and decrypting files. This can be useful to encrypt configuration for tools that expect file-based configuration.
Encrypting Files
scoob file ./secrets.yml encrypt ./raw-file ./encrypted-file
By default, Scoob will use the *
key when encrypting a file. You can specify a specific encryption key with the --key
flag.
Decrypting Files
scoob file ./secrets.yml decrypt ./encrypted-file ./decrypted file-file
Dependencies
~32–48MB
~578K SLoC