Skip to content

uonr/mimi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
mimi
mimi
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
nixos.nix
nixos.nix
 
 
requirements.txt
requirements.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

mimi

A simple secrets provision server

Example

# Required for decrypting the secrets
nix-shell -p rage 

nix run 'github:uonr/mimi' init
# Set passphrase
mkdir -p secrets/example/
echo 'ほんとのきもちはひみつだよ' > secrets/example/secret
nix run 'github:uonr/mimi' serve
# Input passphrase
curl -F "[email protected]" -X POST http://localhost:8111/sign/example > example.sig
cat example.sig
# -----BEGIN SSH SIGNATURE-----
# ...
# -----END SSH SIGNATURE-----
curl -F "[email protected]" -X POST http://localhost:8111/get/example | rage --decrypt -i key > example.txt
cat example.txt
# ほんとのきもちはひみつだよ

ssh-keygen -Y check-novalidate -n file -f key.pub -s example.sig < example.txt
# Good "file" signature with ED25519 key SHA256:...

NixOS configuration example:

{ pkgs, ... }: {
  services.mimi = {
    enable = true;
    provisionerPublicKey = ''
      ssh-ed25519 ... mimi
    '';
    domain = "mimi.example.com";
  };
}

Todo

  • Sign response content by the public key of the provisioner
  • Passphrase
  • Encrypt the secrets on disk
  • Access log
  • IM notifications

About

A simple secrets provision server

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages