alt Hacker NewsShow HN: Secs-man, a secrets manager you can (not) rely on
This is a tool to manage encrypted local backups of secrets. The core idea is that it aims to be usable without depending on it, meaning that even if the software disappeared from the face of Earth tomorrow, your data would still be recoverable.
It also integrates nicely with NixOS (which is what I use, though it does not require NixOS to be used).
I have summed up a bit of explanation and some answers to reasonable questions in a blog post: https://baldino.dev/blog/secs-man/
Comments
What advantages does this have compared to something like the .kdbx format invented by KeePass, which is open and implemented by many other open-source tools than KeePass itself?
It reads to me as "sex man" but aside from that, looks useful!
This project is screaming for a pronunciation guide.
So is this like a encrypt tool where we pass an external key to encrypt and we can use other apps to decrypt since key is not embedded in the tool? Or am I understanding it wrong?
[dead]
This is an interesting motivation for the project... I kind of get it, but, have you looked at fnox[0][1]? Curious how you'd compare/contrast goals with that if so, I think I prefer that as its not coupled to a single encryption tool (age) but supports age as well as multiple cloud or local options behind one unified interface... I think it can even mix multiple stores together? but I may be missing something/didn't read thoroughly yet...maybe there's a reason fnox doesn't work as well with Nix? fnox was discussed here previously[2]
[0]https://github.com/jdx/mise/discussions/6779 [1]https://github.com/jdx/fnox [2]https://news.ycombinator.com/item?id=45722931