SECRET(1) FreeBSD General Commands Manual SECRET(1)
secret — utility to store and manage files encrypted with gpg(1)
secret -d name
secret -e name
secret -l name
The secret utility is a shell script that reads from stdin and encrypts (-e) the data with the user's default gpg(1) public key. The encrypted data is output to the file name in the directory SECRETDIR.
The data can be decrypted (-d) to stdout using any part of name as the argument. A list of files will be displayed if there is more than one match.
See the EXAMPLE section below for further information on how this utility may be used.
Show a summary of the available flags and exit.
-d name    Decrypt the file that best matches name.
-e name    Encrypt to the file name and if necessary clear(1) the screen.
-l name    List the files matching name. A single asterisk (*) will list all the files in SECRETDIR.
Show the current version number and exit.
SECRETDIR    The directory where secret stores the encrypted files. The default is $HOME/.secrets. This directory will be created if it does not exist.
The path to the gpg(1) or gpg2(1) executable. By default secret will look for it in PATH.
The recipient that gpg(1) will encrypt to. The default is to use the gpg(1) option ‘--default-recipient-self’.
The default directory for storing the encrypted files. This can be changed with the SECRETDIR environment variable.
The secret utility exits 0 on success, and >0 if an error occurs.
The secret utility tries to exit with the status of the subprogram that produced the error in question.
Encrypt ‘list.txt’ to the file named ‘enemies_list’:
secret -e enemies_list <list.txt
Decrypt the file matching ‘enemies’ and send the output to ‘revenge.txt’:
secret -d enemies >revenge.txt
The data can also be binary:
secret -e picture.jpg <compromising.jpg
The data need not be piped. Here follows an example that makes use of the shell's line editor:
(End with a newline, followed by pressing ctrl-d)
Secret stored in /home/sperson/.secrets/tulipenthusiast.com-login
To decrypt the above file to the screen for further copy-pasting:
secret -d tulip
Suppose we just want to see how many ‘tulip’ related files we have stored in SECRETDIR:
secret -l tulip
clear(1), environ(7), gpg(1), gpg2(1), sh(1)
Mattias Wikstrom <firstname.lastname@example.org>
Any automatic logging of shell input obviously represents a great security risk. Also, the clearing of the screen after successful encryption should not be relied upon for any real safety. To protect sensitive data, the console or terminal should be exited and any scrollback buffers should be securely wiped.
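For interactive entry, the exposure described above can be reduced by reading the data with terminal echo switched off, so that it never appears on the screen, and only then handing it to secret -e. The following sketch is an added example, not part of secret(1) or its author's code; the helper name store_secret is hypothetical, and it assumes secret is reachable through PATH.

```sh
#!/bin/sh
# Added example, not part of secret(1): store a one-line secret without
# echoing it. "store_secret" is a hypothetical helper name.
# Assumes secret(1) is installed and reachable through PATH.

# The body runs in a subshell ( ... ) so the traps and exit calls below
# never affect the calling shell.
store_secret() (
    name=$1
    if [ -z "$name" ]; then
        echo "usage: store_secret name" >&2
        exit 2
    fi

    if [ -t 0 ]; then
        # Interactive use: switch terminal echo off so the typed data
        # never reaches the screen or a scrollback buffer.
        saved=$(stty -g)
        trap 'stty "$saved"' EXIT      # restore the terminal on any exit
        trap 'exit 130' INT TERM       # route signals through the EXIT trap
        stty -echo
        printf 'Secret for %s: ' "$name" >&2
        # read fails at EOF without a newline but still fills $data
        IFS= read -r data || :
        printf '\n' >&2
    else
        # Non-interactive use: take the first line of stdin.
        IFS= read -r data || :
    fi

    if [ -z "$data" ]; then
        echo "store_secret: empty input, nothing stored" >&2
        exit 1
    fi

    # printf is a shell builtin, so the data reaches secret(1) through a
    # pipe and never appears as a command-line argument. The subshell
    # exits with the status of this pipeline, which is secret's status.
    printf '%s\n' "$data" | secret -e "$name"
)
```

Only the first line of input is stored, which suits passwords and similar single-line data; multi-line or binary data should still be redirected from a file as in the examples above.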
FreeBSD 10.3 June 22, 2017 FreeBSD 10.3