

Trousseau: an encrypted and networked key-value database - oleiade
https://github.com/oleiade/trousseau
Trousseau is a gpg encrypted key-value store designed to be a simple, safe and relient place for your data. It stores data in a single multi-recipients encrypted file and can support both local and remote storage sources (S3 and ssh so far) import/export.

Create a trousseau store, specify which gpg recipients are allowed to open and modify it, and adding some key-value pairs to, export it to s3 for example, and re-import it on another device. As simple as that.

Whether you're a devops, a paranoid guy living in a bunker, or the random user who seeks a simple way to store its critical data in a safe manner, Trousseau can do something for you.
======
peterwwillis

      Create a trousseau store, specify which gpg recipients are 
      allowed to open and modify it, and adding some key-value 
      pairs to, export it to s3 for example, and re-import it on 
      another device. As simple as that.
    

Simple?

------
zobzu
$ export TROUSSEAU_PASSWORD=mysupperdupperpassword

nope.

~~~
oleiade
You're right.

Two alternatives possible, whether to add a '--password' global option
allowing you to provide your password at runtime, or to implement
[https://github.com/tmc/keyring](https://github.com/tmc/keyring).

What do you think? Any other alternatives to suggest?

~~~
zobzu
gpg-agent, keychain, gnome-keyring, kwallet. keyring could be ok. It would be
nice if it supported a few more things tho. not everyone's a gnome user for
example. but since it's gpg, i would think gpg-agent suffices. most keyrings
actually emulate the agent (same for SSH)

proposing the env variable passphrase means a lot of people will put the
password <in clear, plain text> in their .zshrc, .bashrc, you name it
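
The concern raised above, a passphrase such as `TROUSSEAU_PASSWORD` ending up as a cleartext `export` in `.bashrc` or `.zshrc`, can be checked for with a small audit script. This is an added example, not part of the thread or of trousseau; the variable-name pattern and the sample file contents (including `my-secret-helper`) are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: list secret-looking variables that are assigned a literal
# value in shell startup files. The name pattern is an assumption.

# scan_rc FILE...
# Prints "file:line:NAME" per finding. The value is never printed, so the
# report can be shared without leaking the secret it points at.
scan_rc() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" -v q="'" '
            /^[ \t]*#/ { next }    # skip whole-line comments
            match($0, /^[ \t]*(export[ \t]+)?[A-Za-z0-9_]*(PASSWORD|PASSPHRASE|SECRET|TOKEN)[A-Za-z0-9_]*=/) {
                name = substr($0, RSTART, RLENGTH - 1)
                sub(/^[ \t]*(export[ \t]+)?/, "", name)
                value = substr($0, RSTART + RLENGTH)
                if (substr(value, 1, 1) != q) {
                    # Outside single quotes, $VAR, $(cmd) and `cmd` expand at
                    # runtime, so the secret itself is not stored in the file.
                    probe = value
                    sub(/^"/, "", probe)
                    if (probe ~ /^[$`]/) next
                }
                gsub("^[\"" q "]|[\"" q "][ \t]*$", "", value)
                if (value == "") next    # VAR= or VAR=""
                printf "%s:%d:%s\n", file, NR, name
            }
        ' "$f"
    done
}

# Constructed sample rc file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
export TROUSSEAU_PASSWORD=mysupperdupperpassword
# export OLD_TOKEN=abc123
export API_TOKEN="$(my-secret-helper api)"
GPG_PASSPHRASE='hunter2'
export EDITOR=vim
export EMPTY_SECRET=""
EOF
scan_rc "$sample"    # reports lines 1 and 4 only
rm -f "$sample"
```

To audit a real account, call `scan_rc ~/.bashrc ~/.zshrc ~/.profile`; any finding is a candidate for moving to gpg-agent or a keyring, as suggested in the comment above.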

------
thomas-st
Does anyone know an encrypted database that allows for searches? E.g.
implementing an algorithm similar to
[http://crypto.stanford.edu/~eujin/papers/secureindex/](http://crypto.stanford.edu/~eujin/papers/secureindex/)

~~~
oleiade
The go language regular expressions engine uses the Thompson NFA algorithm. It
provides amazing performances.

I was thinking to implement some basic search features to trousseau using it.

Would it fit with your needs?

------
alister
> _Trousseau is a gpg encrypted key-value store designed to be a simple, safe
> and relient place for your data._

Relient? I think he meant "reliant" but even that doesn't sound right. Reliant
means "trustful", suggesting that the system trusts you. Maybe he meant
"trustworthy". (Or just simply "reliable".)

("relient" is a French word meaning to connect, link, or join, and the author
seems to be French. But that observation doesn't seem to help.)

~~~
sshThis
Yes, I think the author also uses "sensible" in places where "sensitive" might
be more appropriate.

------
pkulak
My first thought was: "Key value store... let's see if it's written in Go..."
haha, glad I wasn't disappointed!

------
nbody
It would be interesting to see some performance numbers vs other key-value
databases. It would be slower but still it would be great to see what impact it
has.

~~~
oleiade
trousseau wasn't built with performance in mind: not at all. The store file is
encrypted/decrypted at each operation; at least until I implement some kind
of pipeline.

------
codegangsta
This is a good example of clean, well written Go code.

Great job oleiade! This is definitely on my radar.

------
unsignedint
This looks interesting!

But I think it'd be better if DEB repository is signed...

~~~
oleiade
I've asked bintray to add support for subkeys some weeks ago. No news since
then, but they told me they were working on it. Problem right now is that you
have to put your master gpg key on bintray to be able to sign: I wouldn't.

As soon as the subkeys are available on bintray, packages from the repo will
be signed though :)

------
dangayle
Not to sound ignorant, but what would you use this for?

~~~
cnlwsu
There's a list of examples in the readme. I think the devops ideas are
interesting.

    
    
        Store sensible data: Your brand new shiny infrastructure surely relies on many certificates and private keys of different kinds: ssl, rsa, gpg, ... Trousseau provides a simple and fine-tuned way to store their content in a single file that you can safely version using your favorite cvs. No more plain certificates and keys in your repositories and configuration files.

