Universal cryptographic tool with AWS KMS, GCP KMS and Azure Key Vault support.
Provider | Maturity |
---|---|
AWS KMS | beta |
GCP KMS | alpha |
Azure Key Vault | alpha |
For binaries please visit the Releases Page.
$ go get github.com/VirtusLab/crypt
NAME:
crypt - Universal cryptographic tool with AWS KMS, GCP KMS and Azure Key Vault support
USAGE:
crypt [global options] command [command options] [arguments...]
VERSION:
v0.0.5
AUTHOR:
VirtusLab
COMMANDS:
encrypt, enc, en, e Encrypts files and/or strings
decrypt, dec, de, d Decrypts files and/or strings
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug, -d run in debug mode
--help, -h show help
--version, -v print the version
AWS KMS uses client from AWS SDK for Go.
You can either run aws configure
(if you don't have ~/.aws/credentials
already) or set environment variables.
Example usage with file:
$ echo "top secret" > file.txt
$ crypt encrypt aws \
--in file.txt \
--out file.enc \
--region eu-west-1 \
--kms alias/test
$ crypt decrypt aws \
--in file.enc \
--out file.dec \
--region eu-west-1
Example usage with stdin
:
$ echo "top secret" | crypt encrypt aws \
--out file.enc \
--region eu-west-1 \
--kms alias/test
GCP KMS uses DefaultClient from Google Cloud Client Libraries for Go.
You can either run gcloud auth application-default login
or set GOOGLE_APPLICATION_CREDENTIALS
environment variable which points to the file with valid service account.
Example usage with file:
$ echo "top secret" > file.txt
$ crypt encrypt gcp \
--in file.txt \
--out file.enc \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
$ crypt decrypt gcp \
--in file.enc \
--out file.dec \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
Example usage with stdin
:
$ echo "top secret" | crypt encrypt gcp \
--out file.enc \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
Azure Key Vault uses NewAuthorizerFromEnvironment from Microsoft Azure SDK for go.
Run az login
to get your Azure credentials.
Example usage with file:
$ echo "top secret" > file.txt
$ crypt encrypt gcp \
--in file.txt \
--out file.enc \
--vaultURL https://example-vault.vault.azure.net \
--name global \
--version 77ea..
$ crypt decrypt gcp \
--in file.enc \
--out file.dec \
--vaultURL https://example-vault.vault.azure.net \
--name global \
--version 77ea..
Example usage with stdin
:
$ echo "top secret" | crypt encrypt gcp \
--out file.enc \
--project lunar-compiler-123456 \
--location global \
--keyring test \
--key quickstart
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
mkdir -p $GOPATH/src/github.com/VirtusLab
cd $GOPATH/src/github.com/VirtusLab
git clone [email protected]:VirtusLab/crypt.git
cd crypt
go get -u github.com/golang/dep/cmd/dep
make all
make test
Update properties in config.env
and run:
make integrationtest
Feel free to file issues or pull requests.