-
Notifications
You must be signed in to change notification settings - Fork 9
Secrets
Secrets are encrypted files used to store more sensitive configuration. They function in the same manner as all other tuckr functions. They are stored in the dotfiles/Secrets directory, but unlike the other functions, Secrets is mostly managed by tuckr, the only time one needs to mess with it is when removing a secret.
To encrypt a file one needs to tell tuckr which group it will go to and which files should be put in it. If the group doesn't exist the group is created, files can be passed as absolute or relative paths.
$ tuckr encrypt ImportantFiles file1 file2 file3This will create a directory called ImportantFiles on dotfiles/Secrets and inside of it there will be a file structure similar to the user's home directory (this tells tuckr where to decrypt files). If a file has the path ~/Documents/tokens/token1.txt, if it were encrypted with tuckr tokens token1.txt the path in dotfiles would be dotfiles/Secrets/tokens/Documents/tokens/token1.txt.
To decrypt a file one simply needs to state the name of the group that one wants to decrypt If the group ImportantFiles mentioned on the previous section were to be decrypted it would be done like this:
$ tuckr decrypt ImportantFilesAfter running the command and inputting the correct password the files in that group should be decrypted on the path they were expected to be.
Tuckr uses RustCrypto's chacha20poly1305 as it's encryption cipher. This cipher should be more secure than AES even though it can be slightly slower to run as AES has instruction level support on a lot of modern CPUs while chacha20 does not.
For more information on chacha20poly1305: https://docs.rs/chacha20poly1305/latest/chacha20poly1305