
JackSON: JSON secret keeper in less than 50 lines of code - r0hi7
https://github.com/r0hi7/jackson
======
digitalsushi
I implemented a secrets manager using vim (which comes with blowfish file
encryption support). We just pass the unlock key in from a secure location,
such as our ci/cd pipeline, and then pass it to something like the following:

echo '1,$'|vim --cmd "set key=${__password}" ${__filename} -es|grep mysecret

Inside the file, you can do whatever programmatic syntax you want, because
from here it's just shell pipelining.

I'd actually love to hear if this is a really bad idea.

~~~
r0hi7
I have implemented jackson as package. Your way of vim cannot be extended to
application that keeps secrets in config file (say json). With this
implementation we just need to write the env and pass it to jackson, then
jackson will resolve it as runtime.

------
pasbesoin
Apropos of nothing, this makes me think of Jackson Brodie, who keeps lots of
small but important secrets.

(I've yet to read the books.)

[https://en.wikipedia.org/wiki/Case_Histories_(TV_series)](https://en.wikipedia.org/wiki/Case_Histories_\(TV_series\))

~~~
r0hi7
No its is secret management package for python applications.

