-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e1db2d3
commit 309dcf4
Showing
17 changed files
with
248 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
icon: home | ||
label: Welcome to Hush! | ||
order: 2000 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# Hush! 🤫</h1> | ||
|
||
**Hush!** is a small tool to facilitate the **sharing of `.env`** files between developers without having to send them over Teams messages. It uses the **AWS SecretsManager** to store a new secret for each of your `.env` files. | ||
|
||
With Hush!, you can _finally_ store secrets like API tokens or passwords securely. | ||
|
||
### Built with | ||
|
||
![AWS](https://img.shields.io/badge/AWS-%23FF9900.svg?style=for-the-badge&logo=amazon-aws&logoColor=white) ![TypeScript](https://img.shields.io/badge/typescript-%23007ACC.svg?style=for-the-badge&logo=typescript&logoColor=white) | ||
|
||
--- | ||
|
||
## Links | ||
|
||
- [Github Repository](https://github.com/kernpunkt/hush) | ||
- [Documentation](https://kernpunkt.github.io/hush) |
File renamed without changes
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
File renamed without changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
icon: x | ||
title: delete | ||
order: 95 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# `hush delete` | ||
|
||
![](/assets/hush-delete.gif) | ||
|
||
To delete a secret, use the `delete` command: | ||
|
||
`yarn hush delete <key>` | ||
|
||
So for example: | ||
|
||
`yarn hush delete joern-prod` | ||
|
||
You can specify the `--force` parameter to force the deletion of the secret without scheduling the deletion for a later date. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
icon: unlock | ||
title: grant | ||
order: 97 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# `hush grant` | ||
|
||
!!! | ||
Not illustrated in a gif to not expose secret information. | ||
!!! | ||
|
||
To grant another IAM user **in the same AWS account** access to your secret, use the `grant` command like this: | ||
|
||
`yarn hush grant joern-prod <user-identifier>` | ||
|
||
**`user-identifier` has to be _either_ an AWS ARN _or_ a username for a user that shares an AWS account with you.** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
icon: command-palette | ||
label: Commands | ||
order: 100 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
| Command | Description | | ||
| --------------------------------- | ------------------------------------------------------------------- | | ||
| [`hush push`](/commands/push) | Push your local version of the `.env` file to AWS. | | ||
| [`hush pull`](/commands/pull) | Pull the newest version of the `.env` file from AWS. | | ||
| [`hush list`](/commands/list) | List all Hush! secrets that your current AWS profile has access to. | | ||
| [`hush grant`](/commands/grant) | Grant access to a secret to another user. | | ||
| [`hush revoke`](/commands/revoke) | Revoke access to a secret from another user. | | ||
| [`hush delete`](/commands/delete) | Delete the given Hush! secret in AWS. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
icon: list-ordered | ||
title: list | ||
order: 98 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# `hush list` | ||
|
||
![](/assets/hush-list.gif) | ||
|
||
This command lists **all Hush! secrets that the current AWS profile has access to**. | ||
|
||
It displays the following fields for each secret: | ||
|
||
- Name | ||
- Last push message | ||
- Updated at | ||
- Secrets count | ||
|
||
!!! | ||
Please note that the Name has the "hush-" prefix attached to it. | ||
!!! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
icon: repo-pull | ||
title: pull | ||
order: 99 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# `hush pull` | ||
|
||
![](/assets/hush-pull.gif) | ||
|
||
To update the local contents of a `.env` file, use the `pull` command: | ||
|
||
`yarn hush pull <key> <envFile>` | ||
|
||
So for example: | ||
|
||
`yarn hush pull joern-prod ./.env` | ||
|
||
!!! | ||
All keys get prefixed with `hush-` in the AWS SecretsManager to avoid namespace pollution. | ||
!!! | ||
|
||
If the newly pulled version of the `.env` file contains **additions, changes, or deletions**, your local `.env` file will not be overwritten. You can review those changes and then **re-run the command with the `--force` flag**. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
icon: repo-push | ||
title: push | ||
order: 100 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# `hush push` | ||
|
||
![](/assets/hush-push.gif) | ||
|
||
To push the contents of a `.env` file, use the `push` command: | ||
|
||
`yarn hush push <key> <envFile>` | ||
|
||
So for example: | ||
|
||
`yarn hush push joern-prod ./.env` | ||
|
||
!!! | ||
All keys get prefixed with `hush-` in the AWS SecretsManager to avoid namespace pollution. | ||
!!! | ||
|
||
You can also **provide an optional parameter `-m, --message`** to provide a sort of "commit message" for the current version of your secret. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
icon: lock | ||
title: revoke | ||
order: 96 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
# `hush revoke` | ||
|
||
!!! | ||
Not illustrated in a gif to not expose secret information. | ||
!!! | ||
|
||
To prevent another IAM user **in the same AWS account** from accessing your secret, use the `revoke` command like this: | ||
|
||
`yarn hush revoke joern-prod <user-identifier>` | ||
|
||
**`user-identifier` has to be _either_ an AWS ARN _or_ a username for a user that shares an AWS account with you.** | ||
|
||
Please keep in mind that users with higher privileges than you might still be able to access the secrets. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
--- | ||
icon: people | ||
label: Contributors | ||
order: 90 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
| Image | Name | Team | E-Mail | | ||
| ----------------- | ------------------------ | -------------------------- | -------------------------------------------- | | ||
| ![][joern-avatar] | [Jörn Meyer][joern-link] | ![Funkeys++][logo-funkeys] | [[email protected]][joern-link-email] | | ||
|
||
[joern-avatar]: https://joern.url.lol/avatar-100-round | ||
[joern-link]: https://joern.url.lol/🧑💻 | ||
[joern-link-email]: mailto:[email protected] | ||
[logo-funkeys]: https://res.cloudinary.com/ddux8vytr/image/upload/w_100/v1674478625/kpotkgezxhtytnhsrhlk.jpg |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
order: 1100 | ||
icon: rocket | ||
expanded: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
icon: download | ||
label: Installation | ||
order: 90 | ||
author: | ||
avatar: https://joern.url.lol/avatar | ||
name: Jörn Meyer | ||
link: https://github.com/joerncodes | ||
--- | ||
|
||
To install Hush! for use in your project, install it like this: | ||
|
||
+++ Yarn | ||
`yarn add -D @kernpunkt/hush` | ||
+++ NPM | ||
`npm install --dev @kernpunkt/hush` | ||
+++ PNPM | ||
`pnpm add --save-dev @kernpunkt/hush` | ||
+++ | ||
|
||
!!! | ||
Before using Hush! make sure to select your AWS profile! | ||
!!! | ||
|
||
Before running either of the [commands Hush! provides](/commands), it's important to **select your AWS profile** by running **`export AWS_PROFILE=your-profile-name`** in the shell. If you don't have an AWS profile for your command line yet, [create one first using this guide](https://gist.github.com/joerncodes/6d96114dbbd84f3acd70a2ddb9f056b1). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
input: docs | ||
output: .retype | ||
url: # Add your website address here | ||
branding: | ||
title: 🤫 Hush! | ||
label: Secrets, but fun! | ||
links: | ||
- text: Getting Started | ||
link: https://retype.com/guides/getting-started/ | ||
footer: | ||
copyright: "© Copyright {{ year }}. All rights reserved." |