Programming, philosophy, pedaling.

Augmenting my Workflow with kbsecret

Apr 8, 2017     Tags: kbsecret, programming, ruby    

Background: I’ve been developing kbsecret on an on-again, off-again basis for the past few weeks. This post is going to detail how I’ve integrated it into my daily workflow, including comparisons of my previous techniques for keeping synchronizing secrets and other miscellanea between my machines.


Prior to kbsecret, I had two techniques for keeping my secrets synchronized: Firefox Sync (which I still use since it’s so convenient) and an ad-hoc collection of plain text files in my private KBFS directory. Since these files had grown organically over time and weren’t structured in any consistent way, finding a particular secret tended to involve opening my file manager, navigating to the files, and then opening them in an editor to find the relevant field. From a scripting perspective, this wasn’t ideal.

With kbsecret and kbsecret dmenu-pass (which isn’t an “official” command, but is available here), my workflow looks like this:

(In case it isn’t clear, what’s happening here is that dmenu is being populated with the list of records (just example in this case) in the session (demo), with the selected record being accessed and sent to the clipboard.)

Similarly, I use kbsecret zen-login (also unofficial, also available here) to provide a graphical dialog for creating new login records:

(This is just a pretty frontend for kbsecret new login abc def somepassword.)


Like my secrets, my snippets were originally stored in various unformatted files (as well as in shell aliases). This wasn’t quite as painful as my unorganized secrets, but was still unscriptable and more tedious than it needed to be.

I added snippet support to kbsecret in the 0.0.07 release (which was today!), meaning that KBSecret::Record::Snippet is one of the supported record schemas. It’s a bit of a second class citizen right now, but the (once again, unofficial) kbsecret snip (available here) illustrates how I use it in the command line:

(This is similar but not identical to kbsecret list -a -t snippet.)

Future directions

kbsecret is maturing rapidly, and I recommend checking it out if you already use Keybase/KBFS:

$ gem install kbsecret
$ kbsecret help # check the README too

It would ultimately be nice to have a browser plugin for kbsecret (thereby fully replacing my need for Firefox Sync), so that’s something I might look into. Until then, I’m going to continue refining the command line tools, both official and unofficial.

- William