What is this?
Software for a separate, trusted hardware device (a "hardware security module") that acts much like KeePass and whose only function is storing secrets.
If you use KeePass on your PC and your PC gets compromised by a virus or a hacker, it's game over.
If you use a separate device for storing secrets, a compromise of your PC does not expose your secrets. This software only exposes a secret when you physically press a button on the device, and it exposes only one secret per button press.
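The one-secret-per-press rule described above, sketched in Go as an added example; it is not this project's own code. `PressGate`, `Press` and `Release` are hypothetical names, and the sketch assumes that a press arriving while no request is waiting should be discarded rather than saved up.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// PressGate (hypothetical type) releases at most one secret per button press.
type PressGate struct {
	presses chan struct{} // unbuffered: a press only reaches a request that is waiting
}

func NewPressGate() *PressGate { return &PressGate{presses: make(chan struct{})} }

// Press is what a button driver would call. With no request waiting the press
// is dropped, so it cannot pre-authorize a request that arrives later.
func (g *PressGate) Press() bool {
	select {
	case g.presses <- struct{}{}:
		return true
	default:
		return false
	}
}

// Release blocks until one press arrives or ctx ends, and only then reads the
// secret. One press unblocks exactly one caller, even with several waiting.
func (g *PressGate) Release(ctx context.Context, fetch func() string) (string, error) {
	select {
	case <-g.presses:
		return fetch(), nil
	case <-ctx.Done():
		return "", ctx.Err()
	}
}

func main() {
	g := NewPressGate()
	fmt.Println("stale press accepted:", g.Press()) // nothing pending, so dropped
	out := make(chan string)
	go func() {
		s, _ := g.Release(context.Background(), func() string { return "constructed-secret" })
		out <- s
	}()
	for !g.Press() { // stands in for the user pressing once the request is pending
		time.Sleep(time.Millisecond)
	}
	fmt.Println("released after press:", <-out)
}
```

Passing a context with a deadline to `Release` makes an unacknowledged request fail closed instead of waiting indefinitely for a press.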
Supported secrets
- Passwords
- OTP tokens (Google Authenticator)
- SSH keys (via SSH agent protocol)
Recommended hardware
Raspberry Pi. I'm using a Zero W with a wooden case and a capacitive pushbutton.
Features
- Create, view and list secrets in a folder hierarchy.
- Export database to KeePass format (for viewing on mobile devices when traveling etc.)
Building
$ go generate
$ go build
(The generate step is currently unused.)
Releasing: take a look at bin/release.sh
TODO
- Tags to .JS command definitions
- Enter to confirm command dialog
- Data types for command fields (password)