Cpass
🔐 Simple secure string password convertor
By default, Cpass uses Machine ID as an encryption key so a secret hash can only be decrypted on a machine where it was generated.
Cpass's approach is appropriate in local development scenarios. The main goal is "not to show raw secret while presenting a desktop" or "not to commit raw secret by an incident to code source".
go get github.com/koltyakov/gosip/cpass
package main
import (
"flag"
"fmt"
"github.com/koltyakov/gosip/cpass"
)
func main() {
var rawSecret string
flag.StringVar(&rawSecret, "secret", "", "Raw secret string")
flag.Parse()
crypt := cpass.Cpass("")
secret, _ := crypt.Encode(rawSecret)
fmt.Println(secret)
}
go run ./ -secret "MyP@s$word"
#> -lywbAGD4iPYdJXDxLAQoMUbfBXBIQR2UZYl
When use result token/hash as a secret in
private.json
file(s).Another option would be installing
cpass
from sandbox:go install github.com/koltyakov/gosip-sandbox/samples/cpass
And using
cpass
as a CLI, with no parameters the secret can be provided in a masked form without keeping it in console history:$ cpass
Password to encode: ********
poXx8zaJM6gLazPCtv4rMVLoTuzX_1BvYJlMAQqK
Last modified 3yr ago