Would you trust a repository made like this to save your secrets? (opens in new tab)

(github.com)

2 pointsnola-a2y ago5 comments

5 comments

Why keep something secret on a public repo? Is that not an oxymoron?

Also, I’m terms of encryption something like age[0] makes it much easier to not shoot yourself in the foot.

Just to be sure that your secrets are reasonably available, always. (i) GitHub for high availability of the repo, (ii) Openssl, even it is not flawless, it is available everywhere and battle tested (iii) Bash is bash :)

upofadown2y ago

What are you using to do the encryption? How hard is the passphrase to crack?

nola-aOP2y ago

Looking at the script, a double round with aes-256-cbc [0] is done, moreover the file is hidden among thousands of files. Like others ciphers it is vulnerable at implementation level, that is a enough long key must be chosen. Maybe the script could be improved adding a passphrase check.

[0]https://github.com/nola-a/jump/blob/f907cffcb08fd96ea91cd7f3...

nola-aOP2y ago

Hi All,

my intention is to keep my secrets on a nice public repo, what do you think?

Thanks!

j / k navigate · click thread line to collapse