Tools > ssh-vault
encrypt/decrypt files using ssh keys
ssh-vault 🌰
encrypt/decrypt using ssh keys
Documentation
The legacy SSH RSA keys with header
-----BEGIN RSA PRIVATE KEY-----are not any more supported, convert your key to new format with:
ssh-keygen -p -f <path/to/your/private.key>
Usage
$ ssh-vault -h
encrypt/decrypt using ssh keys
Usage: ssh-vault [COMMAND]
Commands:
create Create a new vault [aliases: c]
edit Edit an existing vault [aliases: e]
fingerprint Print the fingerprint of a public ssh key [aliases: f]
view View an existing vault [aliases: v]
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help
-V, --version Print version
Examples:
Create a vault:
$ echo "secret" | ssh-vault create -u <github.com/user>
View a vault:
echo "SSH-VAULT..."| ssh-vault view
Share a secret:
$ echo "secret" | ssh-vault create -u new
Installation
Mac OS
brew install ssh-vault
Using Cargo
$ cargo install ssh-vault
Development Notes
ssh-vault uses rand 0.10 for application-owned randomness.
The remaining older rand in the dependency graph is currently transitive via
the released rsa / ssh-key stack. Keep new application code on rand 0.10
APIs and only use the RSA-local compatibility path where rsa requires its own
rand_core types. Revisit this when upstream releases remove that constraint.
Issues
Please feel free to raise any issue, feature requirement or a simple comment here.