Seekret Service

This service exposes secrets and usernames from a KeePass database file through a webservice interface. This way, secrets and usernames can be queried using curl. For security reasons, data read from the KeePass database is encrypted in memory.

Note	This is my first project in Rust. There may be a lot of potential for improvements — of which I’m happy to hear!

Motivation

Usage of secrets in direnv:

GITLAB_TOKEN="$(curl --silent "http://localhost:8123/access-keys/GitLab/GitLab-API-Token-Shell/secret")"

The same way you may obtain the username of an entry:

GITLAB_TOKEN="$(curl --silent "http://localhost:8123/access-keys/GitLab/GitLab-API-Token-Shell/username")"

Usage

You may want to start the service in background using the following command:

nohup seekret-service --keepass-path "/path/to/keepassfile.kdbx" > /dev/null 2>&1 &

For further help please run:

seekret-service --help

Testing

Unit-Tests

RUST_LOG=debug cargo test -- --nocapture

Test with

RUST_LOG=debug cargo run -- --keepass-path test.kdbx --keepass-keyfile test.key

Test-keyfile test.kdbx with password test and keyfile test.key. Here you can find the entry root_entry1 wich username root-username and password root-password. You may then request username and password of this test entry using:

curl  curl http://127.0.0.1:8123/root_entry1/username
curl  curl http://127.0.0.1:8123/root_entry1/secret

Release

cargo build --release

Compiling

Windows

• Install cross: cargo install cross

• Install targets for Windows:

  • rustup target add x86_64-pc-windows-gnu

  • rustup target add x86_64-pc-windows-msvc

• Compile with: cargo build --target x86_64-pc-windows-gnu