SECRET(1) FreeBSD General Commands Manual SECRET(1)
NAME
secret — utility to store and manage files encrypted with gpg(1)
SYNOPSIS
secret −h
secret −d name
secret −e name
secret −l name
secret −v
DESCRIPTION
The secret utility is a shell script that reads from stdin and encrypts (−e) the data with the user's default gpg(1) public key. The encrypted data is output to the file name in the directory SECRETDIR.
The data can be decrypted (−d) to stdout using any part of name as the argument. A list of files will be displayed if there is more than one match.
See the EXAMPLES section below for further information on how this utility may be used.
−h
Show a summary of the available flags and exit.
−d
Decrypt the file that best matches name.
−e
Encrypt to the file name and if necessary clear(1) the screen.
−l
List the files matching name. A single asterisk (*) will list all the files in SECRETDIR.
−v
Show the current version number and exit.
ENVIRONMENT
SECRETDIR
The directory where secret stores the encrypted files. The default is $HOME/.secrets. This directory will be created if it does not exist.
SECRETGPG
The path to the gpg(1) or gpg2(1) executable. By default secret will look for it in PATH.
SECRETRCP
The recipient that gpg(1) will encrypt to. The default is to use the gpg(1) option ‘--default-recipient-self’.
FILES
$HOME/.secrets
The default directory for storing the encrypted files. This can be changed with the SECRETDIR environment variable.
EXIT STATUS
The secret utility exits 0 on success, and >0 if an error occurs.
The secret utility tries to exit with the status of the subprogram that produced the error in question.
EXAMPLES
Encrypt ‘list.txt’ to the file named ‘enemies_list’:
secret -e enemies_list <list.txt
Decrypt the file matching ‘enemies’ and send the output to ‘revenge.txt’:
secret -d enemies >revenge.txt
The data can also be binary:
secret -e picture.jpg <compromising.jpg
The data need not be piped. Here follows an example that makes use of the shell's line editor:
secret -e tulipenthusiast.com-login
(End with a newline, followed by pressing ctrl-d)
username: sperson
password: qwerty
<ctrl-d>
Secret stored in /home/sperson/.secrets/tulipenthusiast.com-login
To decrypt the above file to the screen for further copy-pasting:
secret -d tulip
Suppose we just want to see how many ‘tulip’ related files we have stored in SECRETDIR:
secret -l tulip
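The partial-name lookup that −d relies on, as an added sketch; it is not the secret script's own code. It resolves a name fragment to exactly one file in SECRETDIR and refuses to pick one when the fragment is ambiguous, so a short argument cannot silently decrypt the wrong file. The function name secret_resolve, its return codes and the rule that an exact file name wins are assumptions of this sketch.

```shell
# Added sketch, not the secret script's own code.
# Resolve a partial name to exactly one file in SECRETDIR.
# Return codes (assumed for this sketch): 0 one match, 1 no match, 2 ambiguous.
secret_resolve() {
    pat=$1
    dir=${SECRETDIR:-$HOME/.secrets}

    # Refuse empty names and path separators so the lookup stays inside SECRETDIR.
    case $pat in
        ''|*/*) echo "secret_resolve: invalid name" >&2; return 1 ;;
    esac

    # An exact file name always wins over substring matches.
    if [ -f "$dir/$pat" ]; then
        printf '%s\n' "$dir/$pat"
        return 0
    fi

    count=0
    found=
    list=
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        # Quoting "$pat" makes the comparison literal: *, ? and [ are not globs.
        case $base in
            *"$pat"*)
                count=$((count + 1))
                found=$f
                list="$list$base
"
                ;;
        esac
    done

    if [ "$count" -eq 1 ]; then
        printf '%s\n' "$found"
        return 0
    elif [ "$count" -eq 0 ]; then
        echo "secret_resolve: no match for '$pat'" >&2
        return 1
    fi
    # More than one candidate: list them on stderr and select nothing.
    printf '%s' "$list" >&2
    return 2
}
```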
SEE ALSO
clear(1), environ(7), gpg(1), gpg2(1), sh(1)
secret: http://yagrebu.net/secret/
GnuPG: https://www.gnupg.org/
AUTHORS
Mattias Wikstrom <burke@yagrebu.net>
SECURITY CONSIDERATIONS
Any automatic logging of shell input obviously represents a great security risk. Also, the clearing of the screen after successful encryption should not be relied upon for any real safety. To protect sensitive data, the console or terminal should be exited and any scrollback buffers should be securely wiped.
FreeBSD 10.3 June 22, 2017 FreeBSD 10.3