SecureStore
OkcAgent
SecureStore | OkcAgent | |
---|---|---|
5 | 2 | |
89 | 169 | |
- | - | |
6.0 | 0.0 | |
2 months ago | over 1 year ago | |
C# | Kotlin | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecureStore
-
SecureStore VS dotenv-vault - a user suggested alternative
2 projects | 4 Nov 2023
-
appsettings.json secrets for local and for deployments
Have you looked into NeoSmart's SecureStore? It uses a versionable json file with encrypted strings as secrets, and can be unlocked via a password or a keyfile that you deploy to your application. I've used it before, and it's pretty easy to use and implement. https://github.com/neosmart/SecureStore
-
How do I put secrets in production build?
A similar but actually secure alternative to user secrets in-prod is using SecureStore: https://github.com/neosmart/SecureStore
-
.NET Framework 4.6.2 - Where to put environment variables
Have you looked into SecureStore (https://github.com/neosmart/SecureStore) for managing secrets? You can commit the json file to git, but you keep the key separate.
-
How do you store sensitive data in a production environment?
I tend to use secure store for this. https://github.com/neosmart/SecureStore. json file hold the encrypted stuff and I use a key file that goes out with deployment but never checked in. I can think of a thousand holes for all solutions. Most fall on how to you protect the key or the environment. At that point all is lost.
OkcAgent
-
Android TOTP app with Yubikey NFC/USB as login method
It's a bit complicated, but you can use GPG for this! You can follow this guide to setup GPG, and follow this issue to set it up with Termux, then use OKCAgent's GPG function to en/decrypt any files. You can then use any CLI TOTP program and de/encrypt the key files with your GPG key. It's not as secure as having them on the key, as the private keys for the TOTP have to be in your phone's RAM. You can write a shell script for that and put a widget to it on your home screen.
-
Pass: The standard Unix password manager
[1]: https://github.com/DDoSolitary/OkcAgent
Simple password decrypt: okc-gpg -d ~/.password-store/mypass.gpg
I made a termux shortcut (button on homescreen) to emulate pass-dmenu via this ( store in ~/.shortcuts):
#!/data/data/com.termux/files/usr/bin/env bash
What are some alternatives?
Electron.NET - :electron: Build cross platform desktop apps with ASP.NET Core (Razor Pages, MVC, Blazor).
OpenKeychain - OpenKeychain is an OpenPGP implementation for Android.
Licensing.ActivationKeys - This free, open-source .NET library allows you to license your non-free applications through activation keys.
gopass - The slightly more awesome standard unix password manager for teams
dotenv-vault - sync .env files—from the creator of `dotenv`.
securestore - A pass generalisation
SecurityDriven.Inferno - :white_check_mark: .NET crypto done right. Professionally audited.
passhole - A secure hole for your passwords (KeePass CLI)
encpass.sh - Lightweight solution for using encrypted passwords in shell scripts
Android-Password-S
infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
pass-otp - A pass extension for managing one-time-password (OTP) tokens