Morocco

Store your secrets securely in the cloud.

Morocco is a command-line secrets store supporting AWS (implemented) and Google Cloud Platform (coming soon).

How to install

Download the latest binary from the releases page. There are binaries for Mac and Linux.

(Optional) put the binary somewhere on your $PATH.

How to use

Initial setup

Before you can start storing secrets, you will need to run morocco aws setup.

This will create a DynamoDB table and a KMS (Key Management Service) customer master key.

$ morocco aws setup
Set up complete. Created Dynamo table. Created customer master key.

Storing a secret

Use the "put" command to store a secret:

$ morocco aws put db.password so-very-secret
Stored secret.

Here db.password is an identifier for the secret, and so-very-secret is the value you want to store securely.

If a secret with that ID already exists and you want to update it, use the --overwrite option:

$ morocco aws put --overwrite db.password new-value
Stored secret.

Getting a secret

$ morocco aws get db.password
new-value

Listing secrets

$ morocco aws list
db.password other.secret

Deleting a secret

$ morocco aws delete db.password
Deleted secret.

Encryption

Secrets are encrypted using AES-256 in CBC (Cipher Block Chaining) mode with PKCS padding. IVs are secure random bytes.
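The scheme described above, as an added Go example that is not Morocco's own code: AES-256 in CBC mode with a fresh random IV per secret and padding that is validated on decryption. Assumptions: the function names, the IV-prepended storage layout, PKCS#7 as the reading of "PKCS padding", and a constructed demo key in place of whatever key Morocco protects with KMS.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Encrypt pads plaintext (PKCS#7), draws a fresh random IV and returns IV || ciphertext.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // always 1..16 bytes of padding
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // IV from the OS CSPRNG
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// Decrypt splits off the IV, decrypts, then checks and strips the padding.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("ciphertext length invalid")
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n < 1 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, fmt.Errorf("invalid padding")
	}
	return pt[:len(pt)-n], nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not a KMS-protected one
	ct, _ := Encrypt(key, []byte("so-very-secret"))
	pt, err := Decrypt(key, ct)
	fmt.Printf("%d bytes stored, decrypted %q, err=%v\n", len(ct), pt, err)
}
```

CBC on its own does not authenticate the ciphertext; the page does not say whether Morocco adds a MAC, and this sketch adds none.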

Mole

Morocco Mole is the sidekick of Secret Squirrel, who knows a thing or two about security.

Acknowledgements

Morocco was inspired by credstash.