A place to store project secrets within a git repository, encrypted with GPG
Installing the vault is quite easy. Just run the following command in your project:
<cli-name> sidekick plugins install sidekick_vault
<cli-name> vault encrypt path/to/secret.csv
<cli-name> vault encrypt --passphrase="****" --vault-location="secret.txt.gpg" path/to/secret.txt
The passphrase is optional. It will be retrieved from the environment variables or asked via stdin.
The file will be saved at vault-location (optional) inside the vault directory. The filename (secret.txt) will be used as fallback.
<cli-name> vault decrypt secret.csv.gpg
<cli-name> vault decrypt --passphrase="****" --output="write/to/decrypted.txt" secret.txt.gpg
The passphrase is optional. It will be retrieved from the environment variables or asked via stdin.
output is optional. The decrypted file will be saved in the vault next to the encrypted one (without .gpg ending).
<cli-name> vault change-password
<cli-name> vault change-password --old ***** --new *****
Use the old and new arguments to pass the old and new password.
Without the arguments, you can enter the passwords via stdin.
gpg --symmetric --cipher-algo AES256 --batch --passphrase="$password" <file>
gpg --quiet --batch --yes --decrypt --passphrase="$password" --output=<file> <file.gpg>
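A passphrase given with --passphrase appears in gpg's argument list, which other local users can read from the process table. The following added example (not part of sidekick_vault) runs the same two gpg operations with the passphrase fed on stdin from the environment variable. It assumes GnuPG 2.1 or later for --pinentry-mode loopback; the function names are hypothetical, and FLT_VAULT_PASSPHRASE is the variable name used in the Dart snippet on this page.

```shell
#!/bin/sh
# Added example: hand the vault passphrase to gpg on stdin, never in argv.
# Assumption: GnuPG >= 2.1. Function names are hypothetical.

# Print the passphrase, or fail when the variable is unset or empty.
vault_passphrase() {
    if [ -z "${FLT_VAULT_PASSPHRASE:-}" ]; then
        echo "FLT_VAULT_PASSPHRASE is not set" >&2
        return 1
    fi
    # printf is a shell builtin, so the value never becomes a process argument.
    printf '%s\n' "$FLT_VAULT_PASSPHRASE"
}

# vault_encrypt <plaintext-file> <output.gpg>
vault_encrypt() {
    vault_passphrase >/dev/null || return 1
    vault_passphrase | gpg --quiet --batch --yes --pinentry-mode loopback \
        --passphrase-fd 0 --symmetric --cipher-algo AES256 \
        --output "$2" "$1"
}

# vault_decrypt <input.gpg> <plaintext-file>
vault_decrypt() {
    vault_passphrase >/dev/null || return 1
    (
        umask 077   # decrypted secret is readable by its owner only
        vault_passphrase | gpg --quiet --batch --yes --pinentry-mode loopback \
            --passphrase-fd 0 --decrypt --output "$2" "$1"
    ) || { rm -f "$2"; return 1; }   # leave no partial output on failure
}
```

Call it as `vault_encrypt secret.txt vault/secret.txt.gpg` with FLT_VAULT_PASSPHRASE exported by the CI or the calling shell.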
Create a vault in your sidekick cli and read the password
import 'package:sidekick_core/sidekick_core.dart';
import 'package:sidekick_vault/sidekick_vault.dart';
void main() {
  final vault = SidekickVault(
    location: repository.root.directory('vault'),
    // environment variable where CIs can inject the vault password
    environmentVariableName: 'FLT_VAULT_PASSPHRASE',
  );
  final secret = vault.loadText('secret.txt');
  // Use secret on your CI to do magic things
}