Show HN: Secs-man, a secrets manager you can (not) rely on (github.com)
14 points by Fran314 3 hours ago | 9 comments

This is a tool to manage encrypted local backups of secrets. The core idea is that it aims to be usable without depending on it, meaning that even if the software disappeared from the face of Earth tomorrow, your data would still be recoverable.

It also integrates nicely with NixOS (which is what I use, though it does not require NixOS to be used).

I have summed up a bit of explanation and some answers to reasonable questions in a blog post: https://baldino.dev/blog/secs-man/

bhuvanbk007 42 minutes ago | parent | next [-]

So is this like an encryption tool where we pass an external key to encrypt and we can use other apps to decrypt since the key is not embedded in the tool? Or am I understanding it wrong?

Fran314 29 minutes ago | parent [-]

That is true, but it's not specifically what makes it unique. Most encryption tools (like https://github.com/FiloSottile/age which is what secs-man uses under the hood) do not usually bake in the encryption key, rather they expect you to generate it and provide it.

This is true for secs-man too: when you export it prompts with "Enter passphrase:" and you enter the passphrase (I am considering extending it to read the passphrase from a file or from an environment variable, or piped in from stdin, but I'm still not sure what to think of it from a security standpoint and they don't fit my current use so I don't have it in the current TODO)

What makes it unique is that it can be completely emulated by hand (even though it might be a bit tedious) from just a terminal with bash and age installed. This is explained a bit better in the blog post or in the "philosophy section" of the README, but the main point is that (in my opinion) you should NEVER find yourself vendor-locked-in for any data, in particular for secrets. However, you will always need tools for managing them. My tool is designed to be usable and avoid vendor-lock-in, meaning that even if you lose access to the tool you are not locked out of your tools!

I have probably phrased it better in the linked blog post, I invite you to read it if you're still curious. I'm here for any other question!

rirze 7 minutes ago | parent [-]

Sincerely, I don't get the motivation for this. It feels like `age` is pulling most of the work I care about. `age` is the only tool here encrypting and decrypting secrets, are you managing the orchestration of secrets with your tool?

lolpython an hour ago | parent | prev [-]

It reads to me as "sex man" but aside from that, looks useful!

Fran314 an hour ago | parent | next [-]

As pointed out by the other user, yes it is intentional, I always like a silly name

Also, thank you for the comment! I use it on a weekly basis and it has integrated very nicely with my setup

mrhottakes an hour ago | parent [-]

The name is great, we should bring whimsy back to software

srean 15 minutes ago | parent | prev | next [-]

And in this neck of the woods man is short for manual :)

soiltype an hour ago | parent | prev [-]

I have to assume that's intentional, lol

Fran314 an hour ago | parent [-]

Yes, that was intentional. Originally it was just called "secrets-manager", I decided to shorten it only because it was (not really) too long to type, and a friend of mine had the realization that you can abbreviate it to something that sounds funny!