term% cat index.txt SECSTORE(1) General Commands Manual SECSTORE(1)
NAME
aescbc, ipso, secstore - secstore commands
SYNOPSIS
auth/secstore [ -cinv ] [ -(g|G) getfile ] [ -p putfile ] [ -r rmfile ]
[ -s server ] [ -u user ]
auth/aescbc -e [ -in ] <cleartext >ciphertext
auth/aescbc -d [ -in ] <ciphertext >cleartext
ipso [ -a -e -l -f -s ] [ file ... ]
DESCRIPTION
Secstore authenticates to a secure-store server using a password and
optionally a hardware token, then saves or retrieves a file. This is
intended to be a credentials store (public/private keypairs, passwords,
and other secrets) for a factotum.
Option -c prompts for a password change.
Option -g retrieves a file to the local directory; option -G writes it
to standard output instead. Specifying getfile of will send to stan‐
dard output a list of remote files with dates, lengths and SHA1 hashes.
Option -i says that the password should be read from standard input in‐
stead of from /dev/cons.
Option -n says that the password should be read from NVRAM (see auth‐
srv(2)) instead of from /dev/cons.
Option -p stores a file on the secstore.
Option -r removes a file from the secstore.
Option -s sets the dial string of the secstore(8) server. The default
is contained in the $secstore environment variable. If the -s option is
absent and $secstore is empty, secstore(1) will attempt to dial
tcp!$auth!secstore.
Option -u access the secure-store files belonging to user.
Option -v produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
For example, to add a secret to the file read by factotum(4) at
startup, open a new window, type
% ramfs -p; cd /tmp
% auth/secstore -g factotum
secstore password:
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
secstore password:
% read -m factotum > /mnt/factotum/ctl
and delete the window. The first line creates an ephemeral memory-res‐
ident workspace, invisible to others and automatically removed when the
window is deleted. The next three commands fetch the persistent copy
of the secrets, append a new secret, and save the updated file back to
secstore. The final command loads the new secret into the running fac‐
totum.
The ipso command packages this sequence into a convenient script to
simplify editing of files stored on a secure store. It copies the
named files into a local ramfs(4) and invokes acme(1) on them. When
the editor exits, ipso prompts the user to confirm copying modifed or
newly created files back to secstore. If no file is mentioned, ipso
grabs all the user's files from secstore for editing.
By default, ipso will edit the secstore files and, if one of them is
named factotum, flush current keys from factotum and load the new ones
from the file. If the -e, -f, or -l options are given, ipso will just
perform only the requested operations, i.e., edit, flush, and/or load.
The -s option of ipso invokes sam(1) as the editor insted of acme; the
-a option provides a similar service for files encrypted by aescbc
(q.v.). With the -a option, the full rooted pathname of the file must
be specified and all files must be encrypted with the same key. Also
with -a, newly created files are ignored.
Aescbc encrypts (under and decrypts (under using AES (Rijndael) in ci‐
pher block chaining (CBC) mode. Options and are as per secstore, ex‐
cept that reads from file descriptor 3.
SOURCE
/rc/bin/ipso
/sys/src/cmd/auth/secstore
SEE ALSO
factotum(4), secstore(8)
DIAGNOSTICS
Secstore sets error status on failure but will not print an error mes‐
sage when reading NVRAM or dialing the secstore server fails unless the
-v flag is specified.
BUGS
There is deliberately no backup of files on the secstore, so -r (or a
disk crash) is irrevocable. You are advised to store important secrets
in a second location.
When using ipso, secrets will appear as plain text in the editor win‐
dow, so use the command in private.
SECSTORE(1)