SECRET(1) FreeBSD General Commands Manual SECRET(1)

NAME

secret — utility to store and manage files encrypted with gpg(1)

SYNOPSIS

secret −h
secret −d name
secret −e name
secret −l name
secret −v

DESCRIPTION

The secret utility is a shell script that reads from stdin and encrypts (−e) the data with the user's default gpg(1) public key. The encrypted data is written to the file name in the directory SECRETDIR.

The data can be decrypted (−d) to stdout using any part of name as the argument. A list of files will be displayed if there is more than one match.

See the EXAMPLES section below for further information on how this utility may be used.

−h

Show a summary of the available flags and exit.

−d

Decrypt the file that best matches name.

−e

Encrypt to the file name and if necessary clear(1) the screen.

−l

List the files matching name. A single asterisk (*) will list all the files in SECRETDIR.

−v

Show the current version number and exit.

ENVIRONMENT

SECRETDIR

The directory where secret stores the encrypted files. The default is $HOME/.secrets. This directory will be created if it does not exist.

SECRETGPG

The path to the gpg(1) or gpg2(1) executable. By default secret will look for it in PATH.

SECRETRCP

The recipient that gpg(1) will encrypt to. The default is to use the gpg(1) option ‘--default-recipient-self’.

FILES

$HOME/.secrets

The default directory for storing the encrypted files. This can be changed with the SECRETDIR environment variable.

EXIT STATUS

The secret utility exits 0 on success, and >0 if an error occurs.

The secret utility tries to exit with the status of the sub program that produced the error in question.

EXAMPLES

Encrypt ‘list.txt’ to the file named ‘enemies_list’:

secret -e enemies_list <list.txt

Decrypt the file matching ‘enemies’ and send the output to ‘revenge.txt’:

secret -d enemies >revenge.txt

The data can also be binary:

secret -e picture.jpg <compromising.jpg

The data need not be piped. Here follows an example that makes use of the shell's line editor:

secret -e tulipenthusiast.com-login
(End with a newline, followed by pressing ctrl-d)
username: sperson
password: qwerty
<ctrl-d>
Secret stored in /home/sperson/.secrets/tulipenthusiast.com-login

To decrypt the above file to the screen for further copy-pasting:

secret -d tulip

Suppose we just want to see how many ‘tulip’ related files we have stored in SECRETDIR:

secret -l tulip
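
The behaviour described in DESCRIPTION and ENVIRONMENT, written out as a POSIX sh sketch. This is an added example, not the secret script's own code: the function names are hypothetical, and the rejection of names containing ‘/’, the owner-only umask and the listing of ambiguous matches on stderr are assumptions of the sketch rather than documented behaviour of secret.

```sh
#!/bin/sh
# Added sketch of the behaviour the man page describes; NOT the secret script.
# Function names are hypothetical. Only documented gpg options are used.

store_dir() { printf '%s\n' "${SECRETDIR:-$HOME/.secrets}"; }

# Print stored file names containing $1 (literal substring); '*' lists all.
store_match() (
    dir=$(store_dir)
    [ "$1" = '*' ] && set -- ''
    for f in "$dir"/*"$1"*; do
        [ -f "$f" ] && printf '%s\n' "${f##*/}"
    done
    true
)

# Encrypt stdin to SECRETDIR/$1.
store_encrypt() (
    # Assumption of this sketch: refuse names that could leave SECRETDIR.
    case $1 in ''|*/*) echo "invalid name: '$1'" >&2; exit 2 ;; esac
    dir=$(store_dir)
    umask 077                          # directory and ciphertext owner-only
    mkdir -p "$dir" || exit
    if [ -n "${SECRETRCP:-}" ]; then
        "${SECRETGPG:-gpg}" --encrypt --recipient "$SECRETRCP" --output "$dir/$1"
    else
        "${SECRETGPG:-gpg}" --encrypt --default-recipient-self --output "$dir/$1"
    fi
)

# Decrypt the single match for $1 to stdout; if ambiguous, list and stop.
store_decrypt() (
    dir=$(store_dir)
    matches=$(store_match "$1")
    [ -n "$matches" ] || { echo "no match for '$1'" >&2; exit 1; }
    n=$(printf '%s\n' "$matches" | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then
        # Candidates go to stderr so a redirected stdout never holds a partial result.
        printf '%s\n' "$matches" >&2
        exit 1
    fi
    "${SECRETGPG:-gpg}" --decrypt "$dir/$matches"
)
```

Because the match argument is quoted inside the glob, shell pattern characters in it are treated literally and cannot widen the match.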

SEE ALSO

clear(1), environ(7), gpg(1), gpg2(1), sh(1)

secret: http://yagrebu.net/secret/

GnuPG: https://www.gnupg.org/

AUTHORS

Mattias Wikstrom <burke@yagrebu.net>

SECURITY CONSIDERATIONS

Any automatic logging of shell input obviously represents a great security risk. Also, the clearing of the screen after successful encryption should not be relied upon for any real safety. To protect sensitive data, the console or terminal should be exited and any scrollback buffers should be securely wiped.

FreeBSD 10.3 June 22, 2017 FreeBSD 10.3