Friends don't let friends leak secrets on their terminal window

Overview

senv - safer env

Friends don't let friends leak secrets in terminal windows.

📺 Print your environment to the terminal without worry, even in recorded Zoom sessions
🙈 Execute commands and block them from snooping on your secrets
💻 Start an interactive shell with non-sensitive environment variables
🐳 Use senv with Docker to ensure nothing inside the container is snooping around
#️⃣ Copy senv to /usr/bin and use /usr/bin/senv in your shebang lines to ensure no secret leaks

Quick Start

You can install senv with homebrew:

$ brew tap spectralops/tap && brew install senv

Print env

Use it just like env. Now you can print your environment in Zoom sessions 😄

$ senv

Execute command

Prefixing your command with senv ensures that the environment variables you don't want exposed are not passed to the binary that runs:

$ senv my-binary --myopts todo.txt

A more secure shebang

Place senv at /usr/bin/senv, then use it in your shebang line so the script runs with a redacted environment, like so:

#!/usr/bin/senv node

console.log("hello, world")

Options

$ senv --help
Arguments:
  [ ...]    Command to execute

Flags:
  -h, --help      Show context-sensitive help.
      --info      Show information
      --create    Create global config
      --config    Path to config file

The redaction list

Redactions are simply names of sensitive keys, or regular expressions of keys. Any of these is good:

GITHUB_TOKEN
.*_TOKEN

You can submit a pull request if this is a popular key, or add it to your own global configuration if you like to do things in a different but specific way.

Adding your own redactions

You can easily make your own custom redaction list. Create it:

$ senv --create
Wrote config to ~/.senv.yaml

Now you can add to your .senv.yaml:

# ~/.senv.yaml

redact:
- MY_SECRET_TOKEN

MY_SECRET_TOKEN will now be removed from the environment, in addition to the set of redactions senv already performs. If you would rather start from scratch and redact only your own list:

# ~/.senv.yaml

no_defaults: true
redact:
- MY_SECRET_TOKEN
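
How the two configurations above differ in effect, as an added example (not senv's own code): it applies a redaction list of key names and key regexes to a constructed environment, once with defaults and once with no_defaults. Config, Kept, sampleEnv and sampleDefaults are hypothetical names, the default list is a constructed stand-in, and whole-name matching is an assumption. Note that DATABASE_URL survives both runs because only key names are examined, never values.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Config mirrors the two keys shown in ~/.senv.yaml (no_defaults, redact).
type Config struct {
	NoDefaults bool
	Redact     []string
}

var sampleDefaults = []string{"GITHUB_TOKEN", ".*_TOKEN"} // constructed stand-in, not senv's list

// sampleEnv is a constructed environment; every value is a placeholder.
func sampleEnv() map[string]string {
	return map[string]string{
		"PATH": "/usr/bin", "GITHUB_TOKEN": "placeholder", "NPM_TOKEN": "placeholder",
		"MY_SECRET_TOKEN": "placeholder", "DATABASE_URL": "postgres://app:placeholder@db/app",
	}
}

// Kept returns the sorted names that survive redaction (assumption: an entry must match the whole name).
func Kept(env map[string]string, cfg Config) ([]string, error) {
	entries := append([]string{}, cfg.Redact...)
	if !cfg.NoDefaults {
		entries = append(entries, sampleDefaults...)
	}
	re, err := regexp.Compile("^(?:" + strings.Join(entries, "|") + ")$")
	if err != nil {
		return nil, fmt.Errorf("bad redaction list: %w", err)
	}
	kept := []string{}
	for name := range env {
		if !re.MatchString(name) {
			kept = append(kept, name)
		}
	}
	sort.Strings(kept)
	return kept, nil
}

func main() {
	mine := []string{"MY_SECRET_TOKEN"}
	fmt.Println(Kept(sampleEnv(), Config{Redact: mine}))
	fmt.Println(Kept(sampleEnv(), Config{NoDefaults: true, Redact: mine}))
}
```

With no_defaults the second run lets GITHUB_TOKEN and NPM_TOKEN through, so a from-scratch list has to name every key you care about.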

Use as a library

You can use senv as a library in the following way:

package main

import (
	"github.com/spectralops/senv/pkg"
)

func main() {
	senv := pkg.Senv{
		// command and arguments to run with the cleaned environment
		Cmd: []string{"my-cmd", "arg1"},
	}
	senv.Init()
	senv.Clean() // from this point your env is clean

	// you can also use:
	// senv.Print()
	// senv.Exec()
}

Contributing a default redaction

Default redactions live in pkg/redact.go. Please feel free to add a default and submit a PR if:

  • It is well-known
  • It is generic enough, and not an edge case

After adding a redaction, run the tests and update them if needed:

$ make test

Thanks:

To all Contributors - you make this happen, thanks!

Copyright

Copyright (c) 2021 @jondot. See LICENSE for further details.
