1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
% KEYRINGER(1) Keyringer User Manual
% Silvio Rhatto
% August 17, 2013
# NAME
keyringer - encrypted and distributed secret sharing software
# SYNOPSIS
keyringer <*keyring*> <*action*> [*options*]...
# DESCRIPTION
Keyringer lets you manage and share secrets using GPG and git with custom
commands to encrypt, decrypt, recrypt, create key pairs, etc.
# ACTIONS
Keyringer has three types of actions:
1. Configuration actions.
2. Secret manipulation actions.
3. Repository lookup and manipulation actions.
## CONFIGURATION ACTIONS
commands
: List available actions, useful for shell completion and syntax check.
options <*ls*|*edit*|*add*>
: List, edit or add miscelaneous *repository options*.
preferences <*ls*|*edit*|*add*>
: List, edit or add *user options* for a given repository.
recipients <*ls*|*edit*> <*recipient-file*>
: List or edit recipient configuration.
usage
: Show usage information.
## SECRET MANIPULATION ACTIONS
All secret manipulation actions operates upon a *SECRET*, which is the pathname
of an encrypted file relative to keyring with optional `.asc` extension.
Secret manipulation actions do not commit changes into the secret repository.
After any manipulation, the user has to manually commit the changes.
append <*SECRET*>
: Append contents into a secret.
append-batch <*SECRET*>
: Append contents into a secret, batch mode.
decrypt <*SECRET*>
: Decrypts a secret into standard output.
del <*SECRET*>
: Removes a secret using git. After deleting a secret a git commit and push is still
needed to update remote repositories. To completely remove a file from a keyring,
you should also rewrite the git history by yourself.
edit <*SECRET*>
: Edits a secret by temporarily decrypting it, opening the decrypted copy into *$EDITOR*
and then recrypting it again.
encrypt <*SECRET*>
: Encrypts content from standard input into *SECRET*.
encrypt-batch <*SECRET*>
: Encrypt content, batch mode.
genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*]
: Wrapper to generete encryption keypairs, useful for automated key deployment.
recrypt <*SECRET*>
: Recrypts a secret by decrypting it and recrypting again. Useful when users are added
into recipient configuration. If no *SECRET* is given, all secrets in the repository
are re-encrypted.
# REPOSITORY LOOKUP AND MANIPULATION ACTIONS
git <*action*> <*options*>
: Git wrapper that operates from the toplevel keyring repository.
ls <*PATH*>
: List contents from the toplevel repository *keys* folder or from relative *PATH*.
# SEE ALSO
The *README* file distributed with Keyringer contains full documentation.
The Keyringer source code and all documentation may be downloaded from
<https://keyringer.pw>.
|