Add public key to Keystore - encryption

I have a keystore in Windows as below:
secretkeys.skr
publickeys.pkr
I want to add new PGP public keys to the above keystore. Can someone help me with the command?
I tried using some tool and gpg commands, but no luck, as the keys are not updating in the above files.
We use the commands below to list and encrypt:
pkzipc -listcertificates=AddressBook
pkzipc -add -archivetype=pgp -cryptalg=AES,128 -recipient="!encryptionKey!" "!encrptedFileDestination!\%%~nxA" "%%~fA"
Can someone help with any command or tool where I can set the keyring to the above files and import the keys to that store?
Thanks,
Arpit

Related

How can I encrypt just the values of a .env file?

I need the names of the keys for a build pipeline in GitHub actions, the values of the keys encrypted in the repo but decrypted in my local environment.
Example:
I need the .env file like this (decrypted) in my local environment:
ACCESS_KEY = mykeysecret123
ANOTHER_KEY = key2secret
.env-file
And like this (encrypted) in the GitHub repo:
ACCESS_KEY = f4d5dfa6f5da4f6as5dfsdhgzxcvr4
ANOTHER_KEY = dhjdujfk5f64f8ghjdj5j56jhjh4jhf
.env-file-encrypted
Very similar to what transcrypt does, but transcrypt encrypts the whole file, and I need the key names of the file to be not encrypted, so when the build runs in GitHub Actions it can find the names of the variables. The build does not need the actual secret values. It's failing because I have a config file with:
import { ACCESS_KEY, ANOTHER_KEY} from 'react-native-dotenv'
And when the build looks for those names in the .env file, it can't find them if the file is encrypted with transcrypt or git-crypt or any other encrypting tool that encrypts the whole file.
There is a nice tool by Mozilla that encrypts only the values and not the keys of your secret file:
https://github.com/mozilla/sops
Follow the detailed tutorial video here : https://www.youtube.com/watch?v=V2PRhxphH2w
react-native-dotenv maintainer here! I took a look at your screenshots and I'm noticing a couple issues:
Make sure to remove all spaces in the .env file around the =, e.g. ACCESS_KEY=f4d5dfa6f5da4f6as5dfsdhgzxcvr4.
You need to do import { ACCESS_KEY, ANOTHER_KEY } from '#env'

com.sshtools.publickey.InvalidPassphraseException: Unsupported type: OPENSSH PRIVATE KEY

I have created an SSH key on my local host under another user login (instead of the root user). The public (id_rsa.pub) and private (id_rsa) key files are in the directory (/home/user/.ssh/). I have copied the public key file to the remote host in the directory (./ssh/authorized_keys). The passphrase is empty.
I have written a Java program to connect to the remote host (Linux machine) from my local host (Linux machine) using maverick-legacy-client-1.7.5-all.jar classes.
Following is my code block:
com.maverick.ssh.PublicKeyAuthentication pubKey = new com.maverick.ssh.PublicKeyAuthentication();
pubKey.setUsername(userName);
SshPrivateKeyFile pkf = SshPrivateKeyFileFactory.parse(privateKey);
SshKeyPair pair = pkf.toKeyPair(passphrase);
But while running the program, I am facing the following issue:
com.sshtools.publickey.InvalidPassphraseException: Unsupported type: OPENSSH PRIVATE KEY
at com.sshtools.publickey.OpenSSHPrivateKeyFile.toKeyPair(OpenSSHPrivateKeyFile.java:88) ~[maverick-legacy-client-1.7.5-all.jar:?]
I didn't get any clue why this issue is happening. Please help me to resolve this issue.
You are using a version of the Maverick SSH API that is over 3 years old which does not support the new OpenSSH Private Key format. Since OpenSSH 7.8 the default behavior is to generate keys in its new format.
Upgrade to the latest version of Maverick 1.7.34 which supports the new format.
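The exception above is about the key's container format rather than its passphrase. As an added example (not code from the original posts or from the Maverick project), this Python check reads a key file's PEM label and, for the new format, the openssh-key-v1 header to report the format and whether the key is passphrase-protected; describe_private_key is a hypothetical helper name and the sample keys are constructed, header-only blobs.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # first bytes of a decoded new-format key blob

def read_string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def ssh_string(b):
    """Encode bytes as an SSH string (used here to build the constructed sample)."""
    return struct.pack(">I", len(b)) + b

def describe_private_key(pem_text):
    """Return (container_format, passphrase_protected) for a PEM-armoured key."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith("-----")):
        raise ValueError("not a PEM-armoured key")
    label, body = first[11:-5], lines[1:-1]
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, _ = read_string(blob, len(MAGIC))  # "none" means no passphrase
        return "openssh-key-v1", cipher != b"none"
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        # Legacy OpenSSL PEM announces encryption in a Proc-Type header line.
        return "legacy-pem", "Proc-Type: 4,ENCRYPTED" in body
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8", True
    if label == "PRIVATE KEY":
        return "pkcs8", False
    raise ValueError("unrecognised PEM label: " + label)

# Constructed samples: header fields only, not usable keys.
hdr = MAGIC + ssh_string(b"none") + ssh_string(b"none") + ssh_string(b"") + struct.pack(">I", 1)
SAMPLE_NEW = ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(hdr).decode()
              + "\n-----END OPENSSH PRIVATE KEY-----\n")
SAMPLE_OLD = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(describe_private_key(SAMPLE_NEW))  # format an older client may reject
    print(describe_private_key(SAMPLE_OLD))
```

A result of ("openssh-key-v1", False) for a key with an empty passphrase points to a client that cannot parse the format, not to a wrong passphrase.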

Airflow connection password decryption

I want to decrypt the passwords (getting the value from the connection table) for Airflow connections. Is there any way I can decrypt the password value?
You can do:
from airflow.hooks.base_hook import BaseHook
connection = BaseHook.get_connection("conn_name")
conn_password = connection.password
conn_login = connection.login
Export your connections
airflow connections export connections.json
Install ejson to encrypt your file
brew tap shopify/shopify && brew install ejson or download the .deb package from Github Releases.
Add the public key at the top of your file, as shown in the image
ejson keygen -w
Encrypt your connections
ejson encrypt connections.json
Version the file in Git, decrypt the connections, and import them into the DB within your CI/CD pipeline
Credits to Marc Lamberti from Astronomer
Recently encountered a similar issue. You can now export connections in json or yaml format in Airflow 2.3.2. This will provide all the key values that an Airflow connection is represented by.
Command to run:
airflow connections export connections.yml --file-format yaml
See the Airflow documentation for more details:
https://airflow.apache.org/docs/apache-airflow/2.0.2/howto/connection.html#exporting-connections-from-the-cli

How to generate master.key on Rails 6?

How can I get rails to generate a master key? I'm wanting it to decrypt the credentials file in a production environment.
This is how I tried to generate a new key:
config$ rm credentials.yml.enc
config$ EDITOR=vim rails credentials:edit
File encrypted and saved.
In case anyone is looking for a way to generate an encryption key that is exactly 32 characters:
$ bundle exec rails secret | cut -c-32
=> 8d000d7e7233facfc8300b9a3fe0421e
Then save that to your .env as:
# Generated by:
# bundle exec rails secret | cut -c-32
# If one is already setup, you may need to ask someone for it.
RAILS_MASTER_KEY=8d000d7e7233facfc8300b9a3fe0421e
So it turns out I had RAILS_MASTER_KEY set as an environment variable from testing. Rails was referencing that instead of generating a new key. I unset the environment variable and it's now working.

sbt publishSigned on Sonatype Nexus via Travis CI with using pgpPassphrase

I've built an OSS project https://github.com/datlinq/scalafiniti
The Travis-ci pipeline works perfectly, but for 1 final step.
I followed these guides:
http://www.scala-sbt.org/0.13/docs/Using-Sonatype.html
http://www.scala-sbt.org/sbt-pgp/usage.html
https://github.com/xerial/sbt-sonatype
Locally I got all steps working fine and actually published to the Nexus.
In the .travis.yml I import the key before install (Encrypted in travis.ci env)
before_install:
- echo "$PGP_SECRET" | base64 --decode | gpg --import
- echo "$PGP_TRUST" | base64 --decode | gpg --import-ownertrust
The $PGP_PASS is also encrypted in Travis env and available for the build.sbt
I checked it actually gets the key in this command
pgpPassphrase := sys.env.get("PGP_PASS").map(_.toArray)
Now if Travis runs the command
sbt publishSigned
It still prompts for a passphrase for my key
You need a passphrase to unlock the secret key for user:
"com.datlinq.datalabs (Key for Datalabs OSS) "
2048-bit RSA key, ID 305DA15D, created 2017-09-01
Enter passphrase:
I don't know what I should do to make this work
This moment in time is captured:
code:
https://github.com/datlinq/scalafiniti/tree/0d8a6a92bf111bae2a1081b17005a649f8fd00c9
build log:
https://travis-ci.org/datlinq/scalafiniti/builds/271328874
So, the reason it prompted for a password and ignored all sbt-based configurations was due to the fact the build script used the local gnupg installation instead of the one packaged with sbt-pgp (Bouncy Castle).
The local gpg wants you to manually enter the password the first time. A bit hard using TravisCI.
So the solution was to ignore the local gpg and use the bundled one, which uses the pgpPassphrase setting.
Looking back to the documentation:
http://www.scala-sbt.org/sbt-pgp/usage.html
In one of the first lines it actually says:
If you’re using the built-in Bouncy Castle PGP implementation, skip this step.
The first step towards using the GPG command line tool is to make sbt-pgp gpg-aware.
useGpg := true
So the solution was to set useGpg := false
For more details look at the current repo:
https://github.com/datlinq/scalafiniti
Or check this blog (which I found later) https://alexn.org/blog/2017/08/16/automatic-releases-sbt-travis.html
