Via HomeBrew (OSX and Linux)
This is by far the easiest way to get the binary. Just execute the following code:
brew tap share-secrets-safely/cli
brew install sheesy
This will install gpg
as well, which is required for the sheesy vault
to work.
Via Git Clone
Thanks to the getting-started
repository, obtaining the release binaries on demand becomes a breeze.
This is particularly useful for quick fetchin sheesy
for use within containers.
git clone https://github.com/share-secrets-safely/getting-started
./getting-started/sy
Cloning into 'getting-started'...
Downloading https://github.com/share-secrets-safely/cli/releases/download/4.0.10/sy-cli-Linux-x86_64.tar.gz...
error: 'sy' requires a subcommand, but one was not provided
USAGE:
sy <SUBCOMMAND>
For more information try --help
The binaries are download when ./sy
is first executed, and you will find them in ./bin/$(uname -s)/*
for further use.
Via Releases
Please note that in order to use sy
, you will need a working installation of gpg
.
Navigate to the releases page and download a release binary suitable for your system. A full example for linux looks like this:
curl --fail -Lso sy.tar.gz https://github.com/share-secrets-safely/cli/releases/download/4.0.5/sy-cli-Linux-x86_64.tar.gz
curl --fail -Lso sy.tar.gz.gpg https://github.com/share-secrets-safely/cli/releases/download/4.0.5/sy-cli-Linux-x86_64.tar.gz.gpg
# verify 'sy' was built by one of the maintainers
gpg --import <(curl -s https://raw.githubusercontent.com/share-secrets-safely/cli/master/signing-keys.asc) 2>/dev/null
gpg --sign-key --yes --batch 763629FEC8788FC35128B5F6EE029D1E5EB40300 &>/dev/null
gpg --verify ./sy.tar.gz.gpg sy.tar.gz
# now that we know it's the real thing, let's use it.
tar xzf sy.tar.gz
# This will print out that the file was created by one of the maintainers. If you chose to
# trust the respective key after verifying it belongs to the maintainers, gpg will tell you
# it is verified.
# Finally put the executable into your PATH
mv ./sy /usr/local/bin
gpg: Signature made Fri Aug 16 09:58:02 2019 UTC
gpg: using RSA key 763629FEC8788FC35128B5F6EE029D1E5EB40300
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: Good signature from "Sebastian Thiel (Yubikey USB-C) <sthiel@thoughtworks.com>" [full]
Now the sy
executable is available in your PATH
.
sy --help
sy 4.0.10
Sebastian Thiel <byronimo@gmail.com>
The 'share-secrets-safely' CLI to interact with GPG/pass-like vaults.
USAGE:
sy <SUBCOMMAND>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
SUBCOMMANDS:
vault Various commands to store and retrieve secrets and control who has access.
substitute Substitutes templates using structured data. The idea is to build a tree of data that is used to
substitute in various templates, using multiple inputs and outputs.That way, secrets (like
credentials) can be extracted from the vault just once and used wherever needed without them
touching disk.Liquid is used as template engine, and it's possible to refer to and inherit from
other templates by their file-stem. Read more on their website at
https://shopify.github.io/liquid .
process Merge JSON or YAML files from standard input from specified files. Multi-document YAML files are
supported. Merging a single file is explicitly valid and can be used to check for syntax errors.
extract Extract scalar or complex values from any JSON or YAML file. Multi-document YAML files are
supported.
completions generate completions for supported shell
help Prints this message or the help of the given subcommand(s)
Read more on https://share-secrets-safely.github.io/cli
Via Cargo
If you already have cargo
available, installation is as easy as the following:
cargo install sheesy-cli
This installation should be preferred as it makes updating the binary much easier.
If you don't have cargo
yet, you can install it via instructions on rustup.rs.
Please note that for building on OSX, you are required to locally install certain dependencies, which is also the case on linux systems.