summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
Diffstat (limited to 'share')
-rw-r--r--share/man/keyringer.179
-rw-r--r--share/man/keyringer.1.mdwn18
2 files changed, 62 insertions, 35 deletions
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index c3fbc54..c0fed1c 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -59,6 +59,14 @@ Like the git wrapper, this is a wrapper around the \f[I]LS(1)\f[]
command.
.RS
.RE
+.TP
+.B tree <\f[I]path\f[]>
+List contents from the toplevel repository \f[I]keys\f[] folder or from
+relative paths if \f[I]path\f[] is specified using a tree-like format.
+Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[]
+command.
+.RS
+.RE
.SH SECRET MANIPULATION ACTIONS
.PP
All secret manipulation actions operate upon a \f[I]secret\f[] which is
@@ -102,6 +110,11 @@ Git history.\f[] To completely remove a file from a keyring, you should
also rewrite the Git history yourself.
.RE
.TP
+.B rm <\f[I]secret\f[]>
+Alias for \f[I]del\f[] action.
+.RS
+.RE
+.TP
.B edit <\f[I]secret\f[]>
Edit a secret by temporarily decrypting it, opening the decrypted copy
into the text editor defined by the \f[I]$EDITOR\f[] environment
@@ -113,11 +126,15 @@ variable and then re-encrypting it.
Encrypts content from standard input or \f[I]file\f[] into
\f[I]secret\f[] pathname.
No spaces are supported in the \f[I]secret\f[] name.
+If \f[I]file\f[] is actually a folder, keyringer will recursivelly
+encrypt all it\[aq]s contents.
.RS
.RE
.TP
-.B encrypt-batch <\f[I]secret\f[]>
+.B encrypt-batch <\f[I]secret\f[]> [\f[I]file\f[]]
Encrypt content, batch mode.
+Behavior is identical to \f[I]encrypt\f[] action, but less verbose.
+Useful inside scripts.
.RS
.RE
.TP
@@ -193,41 +210,41 @@ aliases.
.PP
Keyringer uses a default recipients file, but specifying a custom
\f[I]recipients-file\f[] pathname will override this default.
+.PP
For instance, if a user encrypts a secret to a file in the keyring
repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients-file\f[]
under \f[I]accounting\f[] will be used.
Encrypting a secret into \f[I]accounting/bank-accounts\f[] will result
-in a file
+in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[]
+encrypted using the public keys listed in the config
+file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
+.PP
+Each line in a recipients file has entries in the format
+\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where
+\f[I]john\@doe.com\f[] is an alias for the GPG public key whose
+fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
+.PP
+All lines starting with the hash (#) character are interpreted as
+comments.
+.PP
+Parameters to the \f[I]recipients\f[] action are:
+.TP
+.B \f[I]ls\f[]
+List all existing recipients files.
+.RS
.RE
+.TP
+.B \f[I]edit\f[]
+Create or edit a recipients file.
+.RS
.PP
-\f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[] encrypted
-using the public keys listed in the config
-file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
-.IP
-.nf
-\f[C]
-Each\ line\ in\ a\ recipients\ file\ has\ entries\ in\ the\ format
-\[aq]john\@doe.com\ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq],\ where\ *john\@doe.com*
-is\ an\ alias\ for\ the\ GPG\ public\ key\ whose\ fingerprint\ is
-*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*
-
-All\ lines\ starting\ with\ the\ hash\ (#)\ character\ are\ interpreted\ as\ comments.
-
-Parameters\ to\ the\ *recipients*\ action\ are:
-
-\ \ *ls*
-\ \ :\ \ \ List\ all\ existing\ recipients\ files.
-
-\ \ *edit*
-\ \ :\ \ \ Create\ or\ edit\ a\ recipients\ file.
-
-\ \ \ \ \ \ Editing\ happens\ using\ the\ editor\ specified\ by\ the\ `$EDITOR`
-\ \ \ \ \ \ environment\ variable.
-
-\ \ \ \ \ \ The\ required\ parameter\ *recipients-file*\ is\ interpreted\ relative
-\ \ \ \ \ \ to\ the\ `$KEYRING_FOLDER/config/recipients/`\ folder.
-\f[]
-.fi
+Editing happens using the editor specified by the \f[C]$EDITOR\f[]
+environment variable.
+.PP
+The required parameter \f[I]recipients-file\f[] is interpreted relative
+to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder.
+.RE
+.RE
.SH FILES
.PP
$HOME/.keyringer/config : User\[aq]s main configuration file used to map
@@ -246,7 +263,7 @@ Metadata is not encrypted, meaning that an attacker with access to a
keyringer repository can discover all public key IDs used for
encryption, and which secrets are encrypted to which keys.
This can be improved in the future by encrypting the repository
-configuration with support for the \f[I]--hidden-recipient\f[] GnuPG
+configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG
option.
.IP "2." 3
History is not rewritten by default when secrets are removed from a
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
index ee035e3..d4b71e3 100644
--- a/share/man/keyringer.1.mdwn
+++ b/share/man/keyringer.1.mdwn
@@ -56,6 +56,11 @@ ls <*path*>
if *path* is specified. Like the git wrapper, this is a wrapper around the *LS(1)*
command.
+tree <*path*>
+: List contents from the toplevel repository *keys* folder or from relative paths
+ if *path* is specified using a tree-like format. Like the ls wrapper, this is a
+ wrapper around the *TREE(1)* command.
+
# SECRET MANIPULATION ACTIONS
All secret manipulation actions operate upon a *secret* which is the pathname
@@ -88,16 +93,21 @@ del <*secret*>
To completely remove a file from a keyring, you should also rewrite the Git
history yourself.
+rm <*secret*>
+: Alias for *del* action.
+
edit <*secret*>
: Edit a secret by temporarily decrypting it, opening the decrypted copy into the
text editor defined by the *$EDITOR* environment variable and then re-encrypting it.
encrypt <*secret*> [*file*]
: Encrypts content from standard input or *file* into *secret* pathname. No spaces
- are supported in the *secret* name.
+ are supported in the *secret* name. If *file* is actually a folder, keyringer
+ will recursivelly encrypt all it's contents.
-encrypt-batch <*secret*>
-: Encrypt content, batch mode.
+encrypt-batch <*secret*> [*file*]
+: Encrypt content, batch mode. Behavior is identical to *encrypt* action, but less
+ verbose. Useful inside scripts.
genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*]
: Wrapper to generate encryption key-pairs, useful for automated key deployment.
@@ -153,7 +163,7 @@ recipients <*ls*|*edit*> <*recipients-file*>
For instance, if a user encrypts a secret to a file in the keyring repository's
*accounting* folder, a *recipients-file* under *accounting* will be used.
Encrypting a secret into *accounting/bank-accounts* will result in a file
- `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the public
+ `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the public
keys listed in the config file`$KEYRING_FOLDER/config/recipients/accounting`.
Each line in a recipients file has entries in the format