Comments (5)
For example... how would you specify that a particular subdirectory is encrypted with a particular keychain?
from blackbox.
Thanks for blackbox - we've been using it in a multi-project, single team environment and it's been great. We're now rolling its use out to multiple teams and were hoping for a single github project with subfolder access controls for each team. e.g.
secrets/
├── team1
│   ├── decrypt.sh
│   ├── keyrings
│   │   └── live
│   │       ├── blackbox-admins.txt
│   │       ├── blackbox-files.txt
│   │       ├── pubring.gpg
│   │       └── trustdb.gpg
│   └── project-a
│       ├── live.json
│       └── staging.json
├── team2
│   ├── decrypt.sh
│   ├── keyrings
│   │   └── live
│   │       ├── blackbox-admins.txt
│   │       ├── blackbox-files.txt
│   │       ├── pubring.gpg
│   │       └── trustdb.gpg
│   └── project-b
│       ├── live.json
│       └── staging.json
└── team3
    ├── decrypt.sh
    ├── keyrings
    │   └── live
    │       ├── blackbox-admins.txt
    │       ├── blackbox-files.txt
    │       ├── pubring.gpg
    │       └── trustdb.gpg
    └── project-c
        ├── live.json
        └── staging.json
Unfortunately blackbox_register_new_file didn't work because it's looking in the root directory for the blackbox admins file.
I appreciate that this model isn't appropriate for everyone and implies we will have to duplicate some common passwords and admins, but we're prepared to live with that. Is there an option to specify a different root folder?
from blackbox.
@cressie176 sadly that kind of functionality doesn't exist in the code right now. If you'd like to implement it, I'd be glad to accept the PR.
from blackbox.
I want to record some thinking about how to implement this feature:
A. Per-directory
Rather than assuming "keyrings" is in the repo root, search for it in the parent, parent's parent, etc. until it is found. At that point, it then uses what was found. blackbox_initialize will have to be changed to support creating a new keyrings file.
B. Per file:
Each file listed in blackbox-files.txt would also list which keychain is used to encrypt it. The default would be "live". If something else is specified, then /keyrings/WHATEVER would be used.
This would require moving blackbox-files.txt to the "keyrings" directory (it is currently in keyrings/live). It would also require storing the name of the keyring in a secure manner (i.e. wouldn't be confused by a filename with a TAB or space in it, and so on).
A is easiest to implement but is less flexible. It is backwards compatible with existing repos.
B is more flexible, but requires a lot of changes to various parts of code. Plus, old repos will need to be transitioned.
NOTE: If we're going to make big changes, we might want to take this opportunity to change "keyrings" to ".blackbox" (the "." at the start would make blackbox less visible and less likely to conflict with people's existing file schemes)
from blackbox.
This has been fixed for a while. By setting the env variable "BLACKBOXDATA", you can select different keychains. You have to manually set it when in different directories.
from blackbox.
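As an added example (not blackbox's own code), here is what proposal A from the design notes above looks like as a POSIX shell helper, wired to the BLACKBOXDATA variable mentioned in the last comment: it walks upward from a project directory to the nearest keyring, insists that the keyring actually holds blackbox-admins.txt and blackbox-files.txt before trusting it, and exports BLACKBOXDATA accordingly. The sample tree it builds is constructed to mirror the per-team layout in the question; whether your blackbox version wants the exported path as printed or relative to the repo root is an assumption to check against `_blackbox_common.sh`.

```shell
# Walk upward from a directory to the nearest keyring (proposal A above),
# accepting the classic keyrings/live layout or the proposed .blackbox dir.
# A candidate counts only when it holds both blackbox-admins.txt and
# blackbox-files.txt, so a half-created keyring is skipped rather than used.

# find_blackbox_data DIR: print the absolute keyring dir, or return 1.
find_blackbox_data() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    while :; do
        for cand in "$dir/.blackbox" "$dir/keyrings/live"; do
            if [ -f "$cand/blackbox-admins.txt" ] && [ -f "$cand/blackbox-files.txt" ]; then
                printf '%s\n' "$cand"
                return 0
            fi
        done
        [ "$dir" = / ] && return 1    # reached the filesystem root
        dir=$(dirname "$dir")
    done
}

# export_blackbox_data DIR: point BLACKBOXDATA at the keyring governing DIR.
# Assumption: your blackbox version accepts the path as printed; check
# _blackbox_common.sh if it expects a path relative to the repo root.
export_blackbox_data() {
    BLACKBOXDATA=$(find_blackbox_data "$1") || return 1
    export BLACKBOXDATA
}

# make_sample_tree: constructed tree mirroring the layout in the question;
# team3's keyring is deliberately missing its admins file.
make_sample_tree() {
    root=$(cd "$(mktemp -d)" && pwd -P)
    for team in team1 team2; do
        mkdir -p "$root/secrets/$team/keyrings/live" "$root/secrets/$team/project"
        : > "$root/secrets/$team/keyrings/live/blackbox-admins.txt"
        : > "$root/secrets/$team/keyrings/live/blackbox-files.txt"
    done
    mkdir -p "$root/secrets/team3/keyrings/live" "$root/secrets/team3/project"
    : > "$root/secrets/team3/keyrings/live/blackbox-files.txt"
    printf '%s\n' "$root"
}

# Demo: show which keyring each team's project resolves to.
root=$(make_sample_tree)
for p in team1/project team2/project team3/project; do
    kd=$(find_blackbox_data "$root/secrets/$p") || kd='(no usable keyring)'
    printf '%s -> %s\n' "$p" "${kd#"$root"/}"
done
rm -rf "$root"
```

Sourcing the functions and calling `export_blackbox_data .` from inside a team's project directory replaces the manual per-directory export the maintainer describes.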