
BlackBox
#Access Control #IAM
Find leaked credentials by scanning repositories for high entropy strings.
Safely Store Secrets in a VCS Repository (e.g., Git, Mercurial, Subversion, or Perforce)
When managing sensitive information, it is crucial to securely store secrets within a Version Control System (VCS) repository. This includes systems such as Git, Mercurial, Subversion, or Perforce.
These commands simplify GPG encryption
These commands make it easy to use GNU Privacy Guard (GPG) to encrypt specific files in a repository, so that they are 'encrypted at rest' within your repository.
The scripts also simplify decryption
At the same time, the scripts make it easy to decrypt files when you need to view or edit them, and to decrypt them for use in production. Initially designed for Puppet, BlackBox now supports any Git or Mercurial repository.
WARNING: The aim of this project is to serve as a straightforward wrapper around gpg, so that you and your coworkers do not have to memorize all those complex and confusing flags.
It is not intended to be a comprehensive solution
It is not intended to function as a sophisticated encryption system that addresses all issues or accommodates a large number of files.
The ideal use-case is to securely manage secrets
The ideal use-case is to store sensitive information in a secure service like Conjur, AWS KMS, Azure Key Vault, or GCP KMS. You can then use Blackbox to safely keep the API keys required to access that system. This approach allows you to encrypt a single, small file. Any feature requests for additional capabilities will be declined; please do not expect or request 'enterprise features.' If this is disappointing, you might want to explore alternative projects such as https://www.agwa.name/projects/git-crypt.