stash

command module

v0.0.3 Latest Latest Go to latest Published: Aug 4, 2021 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/walkert/stash

Links

Open Source Insights

README ¶

stash

A server/client for storing an encrypted password in memory. Written in Go.

Installation

To install the tool using Go like so:

$ go get github.com/walkert/stash

Details

I wrote stash as a purely localhost solution for password vault storage. That being said, it is intended to be secure enough for both local and remote use (where the client/server are separated across the network).

Server mode

stash operates as both a server and a client. When in server mode, it will start a TLS-enabled gRPC server that is capable of storing and retrieving a string (typically a password). When a client sets a password for the first time, it sends through an authentication token which all future get operations must send in order to communicate with the server. The server encrypts the password using a randomly generated salt and password and will then continue to re-encrypt the data every five seconds.

Client mode

When stash sets a password for the first time, it will encrypt it locally with a random salt and password before sending it to the server. It will then store the salt, password and a randomly generated authentication token locally in an obfuscated string. When getting a password, the client will read the locally stored token and use it to authenticate with the server before decrypting the received string with the locally stored salt/password.

Setup

Since stash uses TLS by default, you will need to generate an SSL certificate and key file. Both will be used by the server while the client will just need to use the certificate.

To generate the keypair you'll first need to create a SAN config file that looks like this:

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = SomeCompany
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost

Next, run the following command (note this assumes you're running the server listening on localhost):

$ openssl req -x509 -newkey rsa:4096 -keyout ~/.stash.key.pem -out ~/.stash.cert.pem -days 365 -nodes -subj '/CN=localhost' -config stash.san

Starting the server

The simplest way to get started is running with all of the defaults set (listen on localhost:2002, use the default key/cert names (see above), set the expiration time to 12 hours).

$ stash --server --daemon

Using the client

Client usage is simple. You either set a password, or get it/validate that one is set.

Setting a password

$ stash --set
Password: ************

Checking to see if a password is set

The validate option will print the password if one is set or report and error if not.

$ stash --get --validate
Password not set

Get the password

When the password is printed to a terminal device, it is obscured by setting the background/foregound colour to silver. This prevents people looking over your shoulder but the text can still be copied. The preferred method of usage is to pipe the output to a utility such as pbcopy on OSX.

$ stash --get
###############

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
client
server
stashproto

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL