🔐 Simple secure string password convertor

Cpass is simplified secured password two-ways encryption sub package port for Gosip.

By default, Cpass uses Machine ID as an encryption key so a secret hash can only be decrypted on a machine where it was generated.

Cpass's approach is appropriate in local development scenarios. The main goal is "not to show raw secret while presenting a desktop" or "not to commit raw secret by an incident to code source".


go get


package main

import (


func main() {

	var rawSecret string

	flag.StringVar(&rawSecret, "secret", "", "Raw secret string")

	crypt := cpass.Cpass("")

	secret, _ := crypt.Encode(rawSecret)


Encrypt secrets

go run ./ -secret "MyP@s$word"

When use result token/hash as a secret in private.json file(s).

From sandbox

Another option would be installing cpass from sandbox:

go install

And using cpass as a CLI, with no parameters the secret can be provided in a masked form without keeping it in console history:

$ cpass
Password to encode: ********

Last updated