aol / mrcrypt Goto Github PK
View Code? Open in Web Editor NEWA command-line tool that uses AWS KMS to encrypt secrets once, and decrypts them from multiple AWS regions.
License: Other
A command-line tool that uses AWS KMS to encrypt secrets once, and decrypts them from multiple AWS regions.
License: Other
We should add the ability to re-encrypt files that are using the old uncompressed points, as suggested by @mattsb42-aws in #8.
Related: #10
If the user is decrypting a file that was encrypted with an uncompressed key, we should print out a warning telling them this.
I know that we have previously discussed the possibility of mrcrypt migrating to use the AWS Encryption SDK for Python internally. However, now that we have released the AWS Encryption SDK CLI, I think that the best route to achieve this is to build on top of the CLI rather than the SDK directly.
The AWS Encryption SDK CLI provides all of the functionality of mrcrypt (with two exceptions that I discuss below), just with a different interface. So, what I think would make the most sense is to keep the mrcrypt parser and add a layer that translates the parsed arguments to arguments for the AWS Encryption SDK CLI.
I have a PoC put together on my fork that implements this. Before going any deeper, does this look like a direction that you would be interested in taking mrcrypt?
There are two places where the AWS Encryption SDK CLI (by design) does not match mrcrypt's feature set:
In the PoC, I address the uncompressed ECDSA public key problem with a custom cryptographic materials manager.
When we were looking at the question of what permissions to use for output files, we came to the conclusion that the AWS Encryption SDK CLI should not make any specific statements about the permissions, and instead simply honor the umask (on POSIX) or the parent directory permissions (on Windows). However, if you want to retain mrcrypt's behavior of setting specific permissions on the output files, this could be implemented by collecting the output metadata from the AWS Encryption SDK CLI, parsing it to determine what files were created, and changing the permissions on those files.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.