NAME

safe-agent — decryption key agent

SYNOPSIS

safe-agent [-hdv] [-t timeout] [-f socket]

DESCRIPTION

safe-agent can retain a derivated key and its salt in memroy, and send it over a UNIX-domain socket to whichever process can read this socket.

Pushing a key and its salt is done by writing them to the socket. The retained key can be instantly forgotten by sending signal SIGUSR1 or SIGALRM to the running agent.

-h

Print a quick usage text.

-d

Do not detach the process from the controlling terminal.

-v

Turn on verbose mode. safe-agent will print debugging messages to stderr. This is useful to troubleshoot connection issues between the agent and the client.

-t timeout

Retain the key for timeout seconds. This will setup an alarm(2) timer, which make the agent forget the key after the timeout.

-f socket

Bind agent to socket UNIX-domain socket. (default: /tmp/safe-XXXXXX/agent.ppid)

The agent prints will print commands ( sh(1)) to stdout, that can be evaluated by the calling shell for exportation to the environment.

Later calls to safe(1) will use these environment variables internally to retrieve the key and use it to encrypt/decrypt the stored secrets.

EXAMPLES

Retrieve a secret from your safe, using the agent

  $ eval $(safe-agent)
  $ safe -r
  password:
  $ safe secret/file > kitten.gif

ENVIRONMENT

SAFE_PID: Stores the PID of the currently running agent.
SAFE_SOCK: Stores the path to the UNIX-domain socket used to communicate with the agent.

AUTHORS

Willy Goiffon <dev@z3bra.org>