Apr 8, 2017 Tags: kbsecret, programming, ruby
Background: I’ve been developing kbsecret on an on-again, off-again basis for the past few weeks. This post is going to detail how I’ve integrated it into my daily workflow, including comparisons of my previous techniques for keeping synchronizing secrets and other miscellanea between my machines.
Prior to kbsecret, I had two techniques for keeping my secrets synchronized: Firefox Sync (which I still use since it’s so convenient) and an ad-hoc collection of plain text files in my private KBFS directory. Since these files had grown organically over time and weren’t structured in any consistent way, finding a particular secret tended to involve opening my file manager, navigating to the files, and then opening them in an editor to find the relevant field. From a scripting perspective, this wasn’t ideal.
With kbsecret and
kbsecret dmenu-pass (which isn’t an “official” command,
but is available
my workflow looks like this:
(In case it isn’t clear, what’s happening here is that
dmenu is being
populated with the list of records (just
example in this case) in the session
demo), with the selected record being accessed and sent to the clipboard.)
Similarly, I use
kbsecret zen-login (also unofficial, also available
to provide a graphical dialog for creating new login records:
(This is just a pretty frontend for
kbsecret new login abc def somepassword.)
Like my secrets, my snippets were originally stored in various unformatted files (as well as in shell aliases). This wasn’t quite as painful as my unorganized secrets, but was still unscriptable and more tedious than it needed to be.
I added snippet support to kbsecret in the
(which was today!), meaning that
KBSecret::Record::Snippet is one of the
supported record schemas. It’s a bit of a second class citizen right now, but
the (once again, unofficial)
kbsecret snip (available
illustrates how I use it in the command line:
(This is similar but not identical to
kbsecret list -a -t snippet.)
kbsecret is maturing rapidly, and I recommend checking it out if you already use Keybase/KBFS:
1 2 $ gem install kbsecret $ kbsecret help # check the README too
It would ultimately be nice to have a browser plugin for kbsecret (thereby fully replacing my need for Firefox Sync), so that’s something I might look into. Until then, I’m going to continue refining the command line tools, both official and unofficial.