stash
stash is a command line program for storing text data in encrypted form.
All user data is encrypted using AES 256 cipher.
Data is hashed for indexing purposes using a good random salt + SHA512.
Table of Contents
- stash
Rationale
All of us need to store sensitive information. At the very least, we need to keep passwords and keys to numerous online services we use. Storing them in plain-text is risky. So is not keeping backups in multiple locations.
stash is an open-source tool to store text in encrypted form. The encrypted data can be stored in untrusted locations without compromising it,
granted the encryption-key is unguessable.
Installation
Linux and Mac
Install:
brew install rorokimdim/brew/stashUpgrade:
brew upgrade stashUninstall:
brew uninstall stashBinaries are available at releases.
Others
No pre-built binaries available at this time. We will need to build from source using stack install or cabal install.
Install stack, clone this repository and run the following in repository directory.
stack installGetting Started
Create a stash file.
stash create {path-to-stash-file}Replace {path-to-stash-file} with path to the stash file. For example ~/Dropbox/secret.stash.
Stash will prompt for the encryption-key (password) to use for the file. The key is not saved anywhere, but a salted hash (good random salt + SHA512) of the key and the salt is saved.
When we run a stash command, we will be prompted for our encryption key. It is checked against the hash stored during
stash create. For the duration of the command, the encryption key will be used for encrypting/decrypting data.
The salt stored during stash create is also used for hashing any data for indexing purposes.
Browsing
This feature does not currently work on windows.
Terminal user interface (default)
stash browse {path-to-stash-file}| Shortcuts | Description |
|---|---|
| ESC (q) | Quit |
| ? | Show this help |
| + | Add a new key |
| > | Add a child key to selected key |
| - | Delete selected key |
| , (r) | Rename selected key |
| / | Search and sort by pattern |
| y | Copy value of selected key into system clipboard |
| Enter | Set value of selected key |
| H | See history of values of selected key |
| Left arrow (h) | Move to parent of selected key |
| Right arrow (l) | Move to child of selected key |
| Up arrow (k, Ctrl-p) | Select above |
| Down arrow (j, Ctrl-n) | Select below |
| g, G | Move to top, Move to bottom |
| Ctrl-u, Ctrl-d | Scroll keys half page up / down |
| Ctrl-b, Ctrl-f | Scroll keys one page up / down |
As Org text
stash browse -f org {path-to-stash-file}Opens as Org text in default editor. Set EDITOR environment variable to your editor command. Defaults to vim.
As Markdown text
stash browse -f markdown {path-to-stash-file}Opens as markdown text in default editor. Set EDITOR environment variable to your editor command. Defaults to vim.
Dumping contents to stdout
As Org text (default)
stash dump -f org {path-to-stash-file}As Markdown text
stash dump -f markdown {path-to-stash-file}As JSON text
stash dump -f json {path-to-stash-file}Backing up data
stash backup {path-to-stash-file}Creates a timestamped copy of stash file in the same directory as the original file.
Importing text
We can import org and markdown text into stash. This feature is only available in version 0.2.0+.
cat {path-to-text-file} | stash import {path-to-stash-file}stash import will assume text is in org format by default, but markdown is supported too:
cat {path-to-text-file} | stash import -f markdown {path-to-stash-file}We can import from another stash file similarly:
stash dump {path-to-source-stash-file} | stash import {path-to-destination-stash-file}We will need to first enter encryption-key for the source stash-file followed by encryption-key for the destination stash file.
Babashka pod support
stash exposes a bencode interface using Babashka Pod Protocol.
If you are familiar with clojure or babashka, see clojure-example.
Common-lisp folks see common-lisp-example.
Python folks see python-example.
Customization
A few things in stash can be customized via environment variables.
| Name | Description | Possible Values | Default |
|---|---|---|---|
STASH_ENCRYPTION_KEY |
encryption key | - | prompt as needed |
STASH_WIPE_CLIPBOARD_AFTER_BROWSE |
wipe clipboard after browse | true, false | false |
STASH_LOG_LEVEL |
logging level | DEBUG, INFO, WARN, ERROR | INFO |
STASH_TUI_COLOR_SELECTED |
color of selected item | see below | cyan |
STASH_TUI_COLOR_CURRENT_PATH |
color of current path | see below | white |
STASH_TUI_COLOR_SORT_PATTERN |
color of sort/search text | see below | white |
BABASHKA_POD |
start as babashka-pod | true, false | false |
EDITOR |
command for editing text | - | vim |
Color values can be one of black, red, green, yellow, blue, magenta, cyan,
white, brightBlack, brightRed, brightGreen, brightYellow,
brightBlue, brightMagenta, brightCyan and brightWhite.
Shell Autocompletion
bash
source output from following command
stash --bash-completion-script `which stash`zsh
Create a _stash in your $FPATH (try ~/.zsh/_stash) with contents from following command
stash --zsh-completion-script `which stash`fish
source output from following command
stash --fish-completion-script `which stash`Credits
- Haskell
- cryptonite and crypto-simple
- brick and optparse-applicative
- All of these libraries and all the things they depend on
- Every stash file is a sqlite file
- Scriping support via clojure and babashka