App-locket
view release on metacpan or search on metacpan
---
abstract: 'Copy secrets from a YAML/JSON cipherstore into the clipboard (pbcopy, xsel, xclip)'
author:
- 'Robert Krimen <robertkrimen@gmail.com>'
build_requires:
Test::Most: 0
configure_requires:
ExtUtils::MakeMaker: 6.30
dynamic_config: 0
generated_by: 'Dist::Zilla version 4.200008, CPAN::Meta::Converter version 2.110930'
license: perl
meta-spec:
Makefile.PL view on Meta::CPAN
use strict;
use warnings;
use ExtUtils::MakeMaker 6.30;
my %WriteMakefileArgs = (
'ABSTRACT' => 'Copy secrets from a YAML/JSON cipherstore into the clipboard (pbcopy, xsel, xclip)',
'AUTHOR' => 'Robert Krimen <robertkrimen@gmail.com>',
'BUILD_REQUIRES' => {
'Test::Most' => '0'
},
'CONFIGURE_REQUIRES' => {
'ExtUtils::MakeMaker' => '6.30'
},
'DISTNAME' => 'App-locket',
'EXE_FILES' => [
'bin/locket',
NAME
App::locket - Copy secrets from a YAML/JSON cipherstore into the
clipboard (pbcopy, xsel, xclip)
VERSION
version 0.0022
SYNOPSIS
# Setup the configuration file for the cipherstore:
# (How to read the cipherstore, how to edit the cipherstore, etc.)
$ locket setup
# Add or change data in the cipherstore:
# List all the entries in the cipherstore:
$ locket /
# Show a secret from the cipherstore:
$ locket /alice@gmail
DESCRIPTION
App::locket is a tool for querying a simple YAML/JSON-based cipherstore
It has a simple commandline-based querying method and supports copying
into the clipboard
Currently, encryption and decryption is performed via external tools
(e.g. GnuPG, OpenSSL, etc.)
App::locket is best used with:
* gnupg.vim <http://www.vim.org/scripts/script.php?script_id=661>
* openssl.vim <http://www.vim.org/scripts/script.php?script_id=2012>
App::locket does not perform any in-memory encryption; once the
cipherstore is loaded it is exposed in memory
In addition, if the process is swapped out while running then the
plaintextstore could be written to disk
Encrypting swap is one way of mitigating this problem
Clipboard access
App::locket uses third-party tools for read/write access to the
clipboard. It tries to detect if "pbcopy", "xsel", or "xclip" are
available. It does this by looking in "/bin" and "/usr/bin"
Purging the clipboard
By default, App::locket will purge the clipboard of a secret it put
there after a set delay. It will try to verify that it is wiping what it
put there in the first place (so it doesn't accidentally erase something
else you copied)
If for some reason App::locket cannot read from the clipboard, it will
purge it just in case
If you prematurely cancel a secret copying operation via CTRL-C,
App::locket will catch the signal and purge the clipboard first
Attack via configuration
Currently, App::locket does not encrypt/protect the configuration file.
This means an attacker can potentially (unknown to you) modify the
reading/editing commands to divert the plaintext elsewhere
There is an option to lock the configuration file, but given the ease of
code injection you're probably better off installing and using
App::locket in a dedicated VM
INSTALL
$ cpanm -i App::locket
INSTALL cpanm
<http://search.cpan.org/perldoc?App::cpanminus#INSTALLATION>
USAGE
locket [options] setup|edit|<query>
--delay <delay> Keep value in clipboard for <delay> seconds
If value is still in the clipboard at the end of
<delay> then it will be automatically wiped from
the clipboard
--unsafe Turn the safety off. This will disable prompting
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
setup Setup a new or edit an existing user configuration
file (~/.locket/cfg)
edit Edit the cipherstore
lib/App/locket.pm view on Meta::CPAN
package App::locket;
BEGIN {
$App::locket::VERSION = '0.0022';
}
# ABSTRACT: Copy secrets from a YAML/JSON cipherstore into the clipboard (pbcopy, xsel, xclip)
use strict;
use warnings;
BEGIN {
# Safe path
$ENV{ PATH } = '/bin:/usr/bin';
}
use Term::ReadKey;
lib/App/locket.pm view on Meta::CPAN
use File::Temp;
use Term::EditorEdit;
use Try::Tiny;
use String::Util qw/ trim /;
my $usage;
BEGIN {
$usage = <<_END_;
Usage: locket [options] setup|edit|<query>
--copy Copy value to clipboard using pbcopy, xsel, or xclip
--delay <delay> Keep value in clipboard for <delay> seconds
If value is still in the clipboard at the end of
<delay> then it will be automatically wiped from
the clipboard
--unsafe Turn the safety off. This will disable prompting
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
--cfg <file> Use <file> for configuration
setup Setup a new or edit an existing user configuration
file (~/.locket/cfg)
lib/App/locket.pm view on Meta::CPAN
}
else {
$self->say_stdout( sprintf "# Found %d", $total );
}
$self->say_stdout( "# Redo your search: //<query>" );
#$self->say_stdout( sprintf "# Select an entry: [%s]", join '', map { $n2k{$_} } 0 .. @visible - 1 );
#$self->say_stdout( sprintf "# Show an entry: show <entry>" );
if ( @visible ) {
$self->say_stdout( sprintf "# Unrefine your search: .." );
$self->say_stdout( sprintf "# Show an entry: show [%s]", join '', map { $n2k{$_} } 0 .. @visible - 1 );
$self->say_stdout( sprintf "# Copy the an entry to the clipboard: copy <entry>" );
}
else {
$self->say_stdout( sprintf "# Show list: list" );
}
$self->say_stdout;
},
qr/^s(?:h(?:o(?:w)?)?)?\s*(\d+)/ => $_show,
lib/App/locket.pm view on Meta::CPAN
return unless my ( $target, $entry, $k, $n ) = $self->_select;
my $stash = $self->stash;
@$stash{qw/ target entry /} = ( $target, $entry );
my $query = $self->query;
$self->stdout_clear;
$self->say_stdout( "# Select $k ($target)\n---\n" );
$self->say_stdout( "# Show entry ($target): show" );
$self->say_stdout( "# Copy the entry into the clipboard: copy" );
$self->say_stdout( sprintf "# Show last search: / (%s)", join '/', @$query ) if @$query;
$self->say_stdout;
},
qr/^s(?:h(?:o?)?)?$/ => 'show',
show => sub {
my ( $self, $method ) = @_;
my ( $target, $entry ) = $self->get_target_entry;
return unless defined $target;
lib/App/locket.pm view on Meta::CPAN
my $SIG_INT = $SIG{ INT } || sub { exit 1 };
local $SIG{ INT } = sub {
$self->do_copy( '' );
ReadMode 0;
$SIG_INT->();
};
my $delay = $self->options->{ delay };
if ( $delay ) {
$self->say_stdout( sprintf "# Press RETURN to copy {$name} into clipboard with %d:%02d delay", int( $delay / 60 ), $delay % 60 );
}
else {
$self->say_stdout( "# Press RETURN to copy {$name} into clipboard for NO delay" );
}
$self->stdin_readreturn;
$self->do_copy( $value );
$self->say_stdout( "# Copied -- Press RETURN again to wipe clipboard and continue" );
$self->stdin_readreturn( $delay );
$self->say_stdout;
my $paste = $self->do_paste;
if ( ! defined $paste || $paste eq $value ) {
# To be safe, we wipe out the clipboard in the case where
# we were unable to get a read on the clipboard (pbpaste, xsel, or
# xclip failed)
$self->do_copy( '' ); # Wipe out clipboard
}
}
sub editor_prgm {
my $self = shift;
my $found = $self->cfg->{ editor };
defined and return $_ for $found;
$found = $self->_find_prgm( 'sensible-editor' );
lib/App/locket.pm view on Meta::CPAN
}
1;
=pod
=head1 NAME
App::locket - Copy secrets from a YAML/JSON cipherstore into the clipboard (pbcopy, xsel, xclip)
=head1 VERSION
version 0.0022
=head1 SYNOPSIS
# Setup the configuration file for the cipherstore:
# (How to read the cipherstore, how to edit the cipherstore, etc.)
$ locket setup
lib/App/locket.pm view on Meta::CPAN
# List all the entries in the cipherstore:
$ locket /
# Show a secret from the cipherstore:
$ locket /alice@gmail
=head1 DESCRIPTION
App::locket is a tool for querying a simple YAML/JSON-based cipherstore
It has a simple commandline-based querying method and supports copying into the clipboard
Currently, encryption and decryption is performed via external tools (e.g. GnuPG, OpenSSL, etc.)
App::locket is best used with:
* gnupg.vim L<http://www.vim.org/scripts/script.php?script_id=661>
* openssl.vim L<http://www.vim.org/scripts/script.php?script_id=2012>
* EasyPG L<http://www.emacswiki.org/emacs/AutoEncryption>
lib/App/locket.pm view on Meta::CPAN
=head2 In-memory encryption
App::locket does not perform any in-memory encryption; once the cipherstore is loaded it is exposed in memory
In addition, if the process is swapped out while running then the plaintextstore could be written to disk
Encrypting swap is one way of mitigating this problem
=head2 Clipboard access
App::locket uses third-party tools for read/write access to the clipboard. It tries to detect if
C<pbcopy>, C<xsel>, or C<xclip> are available. It does this by looking in C</bin> and C</usr/bin>
=head2 Purging the clipboard
By default, App::locket will purge the clipboard of a secret it put there after a set delay. It will try to verify that it is
wiping what it put there in the first place (so it doesn't accidentally erase something else you copied)
If for some reason App::locket cannot read from the clipboard, it will purge it just in case
If you prematurely cancel a secret copying operation via CTRL-C, App::locket will catch the signal and purge the clipboard first
=head2 Attack via configuration
Currently, App::locket does not encrypt/protect the configuration file. This means an attacker can potentially (unknown to you) modify
the reading/editing commands to divert the plaintext elsewhere
There is an option to lock the configuration file, but given the ease of code injection you're probably better off installing and using App::locket in a dedicated VM
=head2 Resetting $PATH
lib/App/locket.pm view on Meta::CPAN
$ cpanm -i App::locket
=head1 INSTALL cpanm
L<http://search.cpan.org/perldoc?App::cpanminus#INSTALLATION>
=head1 USAGE
locket [options] setup|edit|<query>
--delay <delay> Keep value in clipboard for <delay> seconds
If value is still in the clipboard at the end of
<delay> then it will be automatically wiped from
the clipboard
--unsafe Turn the safety off. This will disable prompting
before emitting any sensitive information in
plaintext. There will be no opportunity to
abort (via CTRL-C)
setup Setup a new or edit an existing user configuration
file (~/.locket/cfg)
edit Edit the cipherstore
( run in 1.290 second using v1.01-cache-2.11-cpan-2398b32b56e )