Scoob is a secrets management tool, designed to make managing your development and production secrets easier, and cloud-agnostic.
Secrets are encrypted using Sodium sealed boxes.
bash
brew install hostyhosting/tap/scoob
Shell (Mac, Linux):
bash
curl -fsSL https://scoob-rs.netlify.app/install.sh | sh
PowerShell (Windows):
bash
iwr https://scoob-rs.netlify.app/install.ps1 -useb | iex
Build and install from source using Cargo:
bash
cargo install scoob --locked
Docker
docker run -it --init hostypost/scoob:latest
In your Dockerfile
```Dockerfile FROM hostypost/scoob:latest AS scoob
COPY --from=scoob /usr/local/bin/scoob /usr/bin/scoob ```
First, you'll want to create a secrets file:
bash
scoob manage ./secrets.yml
This will open your editor with an example Scoob configuration file. A pair of public and secret keys will auto-generated and provided in the file. Make sure you don't commit these into your repository, and instead replace them with values provided dynamically via environment variables. When you close your editor, all of the values under configuration: will be encrypted, and the file will be written to disk.
At a later point, you can add additional secrets by running the same command:
bash
scoob manage ./secrets.yml
We recommend creating a separate secrets file for development and production. This way, you can keep your production keys separate.
To use these secrets, you can start a process with Scoob:
bash
scoob start ./secrets.yml <command...>
This will decrypt the secrets in the file, and will run the command with the secrets added to the environment variables.
Scoob also supports encrypting and decrypting files. This can be useful to encrypt configuration for tools that expect file-based configuration.
scoob file ./secrets.yml encrypt ./raw-file ./encrypted-file
By default, Scoob will use the * key when encrypting a file. You can specify a specific encryption key with the --key flag.
scoob file ./secrets.yml decrypt ./encrypted-file ./decrypted file-file