Diffstat (limited to 'share/man/keyringer.1')
-rw-r--r-- | share/man/keyringer.1 | 79 |
1 files changed, 48 insertions, 31 deletions
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index c3fbc54..c0fed1c 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -59,6 +59,14 @@ Like the git wrapper, this is a wrapper around the \f[I]LS(1)\f[] command. .RS .RE +.TP +.B tree <\f[I]path\f[]> +List contents from the toplevel repository \f[I]keys\f[] folder or from +relative paths if \f[I]path\f[] is specified using a tree-like format. +Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[] +command. +.RS +.RE .SH SECRET MANIPULATION ACTIONS .PP All secret manipulation actions operate upon a \f[I]secret\f[] which is @@ -102,6 +110,11 @@ Git history.\f[] To completely remove a file from a keyring, you should also rewrite the Git history yourself. .RE .TP +.B rm <\f[I]secret\f[]> +Alias for \f[I]del\f[] action. +.RS +.RE +.TP .B edit <\f[I]secret\f[]> Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the \f[I]$EDITOR\f[] environment @@ -113,11 +126,15 @@ variable and then re-encrypting it. Encrypts content from standard input or \f[I]file\f[] into \f[I]secret\f[] pathname. No spaces are supported in the \f[I]secret\f[] name. +If \f[I]file\f[] is actually a folder, keyringer will recursivelly +encrypt all it\[aq]s contents. .RS .RE .TP -.B encrypt-batch <\f[I]secret\f[]> +.B encrypt-batch <\f[I]secret\f[]> [\f[I]file\f[]] Encrypt content, batch mode. +Behavior is identical to \f[I]encrypt\f[] action, but less verbose. +Useful inside scripts. .RS .RE .TP 
@@ -193,41 +210,41 @@ aliases. .PP Keyringer uses a default recipients file, but specifying a custom \f[I]recipients-file\f[] pathname will override this default. +.PP For instance, if a user encrypts a secret to a file in the keyring repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients-file\f[] under \f[I]accounting\f[] will be used. Encrypting a secret into \f[I]accounting/bank-accounts\f[] will result -in a file +in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[] +encrypted using the public keys listed in the config +file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[]. +.PP +Each line in a recipients file has entries in the format +\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where +\f[I]john\@doe.com\f[] is an alias for the GPG public key whose +fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[] +.PP +All lines starting with the hash (#) character are interpreted as +comments. +.PP +Parameters to the \f[I]recipients\f[] action are: +.TP +.B \f[I]ls\f[] +List all existing recipients files. +.RS .RE +.TP +.B \f[I]edit\f[] +Create or edit a recipients file. +.RS .PP -\f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[] encrypted -using the public keys listed in the config -file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[]. -.IP -.nf -\f[C] -Each\ line\ in\ a\ recipients\ file\ has\ entries\ in\ the\ format -\[aq]john\@doe.com\ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq],\ where\ *john\@doe.com* -is\ an\ alias\ for\ the\ GPG\ public\ key\ whose\ fingerprint\ is -*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.* - -All\ lines\ starting\ with\ the\ hash\ (#)\ character\ are\ interpreted\ as\ comments. - -Parameters\ to\ the\ *recipients*\ action\ are: - -\ \ *ls* -\ \ :\ \ \ List\ all\ existing\ recipients\ files. - -\ \ *edit* -\ \ :\ \ \ Create\ or\ edit\ a\ recipients\ file. 
- -\ \ \ \ \ \ Editing\ happens\ using\ the\ editor\ specified\ by\ the\ `$EDITOR` -\ \ \ \ \ \ environment\ variable. - -\ \ \ \ \ \ The\ required\ parameter\ *recipients-file*\ is\ interpreted\ relative -\ \ \ \ \ \ to\ the\ `$KEYRING_FOLDER/config/recipients/`\ folder. -\f[] -.fi +Editing happens using the editor specified by the \f[C]$EDITOR\f[] +environment variable. +.PP +The required parameter \f[I]recipients-file\f[] is interpreted relative +to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder. +.RE +.RE .SH FILES .PP $HOME/.keyringer/config : User\[aq]s main configuration file used to map @@ -246,7 +263,7 @@ Metadata is not encrypted, meaning that an attacker with access to a keyringer repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository -configuration with support for the \f[I]--hidden-recipient\f[] GnuPG +configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG option. .IP "2." 3 History is not rewritten by default when secrets are removed from a |
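Review bot: In the @@ -59,6 +59,14 @@ hunk, the synopsis line `.B tree <\f[I]path\f[]>` marks path as a required argument, while the description says the listing falls back to the toplevel keys folder when no path is given. The encrypt-batch entry changed in this same patch writes its optional argument as `[\f[I]file\f[]]`; using `[\f[I]path\f[]]` here would keep the notation consistent.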
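Review bot: In the @@ -113,11 +126,15 @@ hunk, the added sentence about folders has two typos ("recursivelly" should be "recursively", and "it\[aq]s contents" should be "its contents") and does not say how it interacts with the line just above it, "No spaces are supported in the secret name". Please document what happens when a file inside the folder has a space in its name, since a user encrypting a whole directory needs to know whether such files are skipped, renamed or cause a failure.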
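Review bot: In the @@ -193,41 +210,41 @@ hunk, the added line `file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].` has no space between "file" and the path, so the two run together when rendered. In the new format paragraph, the sentence-ending period sits inside the italic span (`\f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]`) and can be read as part of the fingerprint; move it after the closing `\f[]`.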
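Review bot: In the @@ -246,7 +263,7 @@ hunk, only the two leading hyphens of the option are escaped (`\-\-hidden-recipient`), leaving the hyphen between "hidden" and "recipient" as a plain `-`, which some roff output devices render as a typographic hyphen rather than an ASCII minus. Writing `\-\-hidden\-recipient` makes the whole option name safe to copy into a GnuPG command line.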