A Little Bit of a Disaster, A Lot of Motivation: Building a CLI Secret Manager
Saif Mahmud
Posted on November 21, 2024
So, let's talk about a little mishap that turned into a major motivation. My shiny new MacBook Pro M3, fresh out of the box, decided to brick itself after a routine software update. Cue dramatic music. And with it went all my precious data, including those pesky secrets like API keys, SSH keys, and personal shell scripts. The worst part? A critical production deployment was looming just two days away.
The Domino Effect of Lost Secrets
With my secrets gone, I had to reach out to various teams and departments to obtain new ones. This process, unfortunately, took longer than expected in the corporate world. The delays in acquiring these essential keys ultimately led to the postponement of the deployment.
Why a CLI Secret Manager?
This incident forced me to rethink my secret management strategy. Sure, I could've just zipped up the secrets and tossed them onto Google Drive, OneDrive, or S3. But let's be real, that's a huge security risk:
- Unauthorized Access: If someone gains access to your cloud storage account, they could potentially get their hands on your sensitive information.
- Data Breaches: Cloud storage providers, while generally secure, aren't immune to data breaches.
Password-protecting the archive is an option, but I'm too lazy to do that. Using a third-party service like LastPass is another possibility, but it requires manual updates and management; again, lazy.
There are also native applications that offer automatic syncing, but let's be honest, the free ones are either poorly maintained or have a bad user experience. And the paid ones? Pfft, please.
Even if there is one that checks off all of my requirements, as a software engineer, I couldn't resist the urge to build my own; something that I could control and customize. So, I decided to build my own CLI secret manager.
What's the Plan?
I'm building a CLI application that will allow me to:
- Store: Using strong encryption and secure storage mechanisms.
- Retrieve: With simple commands to access the secrets I need.
- Manage: Easily add, remove, and update secrets.
- Sync: Ensure consistency across multiple machines.
- Share: Securely share secrets with others using asymmetric keys.
I've chosen PHP and Laravel Zero as the technology stack for this project. Why PHP, you ask? Well, it's a language I love more than my ex, who I'm still kind of hung up on, but at least I'm not hung up on Python. And Laravel is a rock-solid framework. To make the application accessible to a wider audience, I'll try to create a standalone binary using static-php-cli and box-project.
Stay Tuned for More
I'll be sharing regular updates on the development process, including challenges, solutions, and best practices. I'll also be releasing the project on GitHub once it's complete, so you can contribute or use it yourself.
So, buckle up and join me on this exciting journey as I build a powerful(?) and secure CLI secret manager.