If you use this repo, star it
Looking to share end-to-end encrypted secrets via a one-time URL?
Please note that this project is under active development. APIs might change before version 1 is released.
Sniptt is a developer-friendly secret manager.
It simplifies and improves the experience of sharing end-to-end encrypted secrets such as API keys, database passwords, and other credentials between engineers.
You can finally say goodbye to 1Password, LastPass, and Dashlane
Read more in our introductory post on Sharing secrets with teams.
The recommended way to install snip
on macOS is via Homebrew.
brew tap sniptt-official/tap
brew install snip
To update to latest version of snip
, use:
brew upgrade snip
If you're using macOS Keychain to store the master passphrase, you might need to grant snip
access to the Sniptt Safe Storage item by clicking "Always Allow".
Alternatively, you can also install snip
via npm.
npm install sniptt -g
See Releases
Create a new account or configure a new device with an existing account.
$ snip configure
For advanced usage, type $ snip configure -h
.
Add end-to-end encrypted secrets to your personal vault.
# Add simple key/value (you will be prompted using hidden password input).
$ snip add DB_PASSWORD
# Add file.
$ snip add --file .env.prod
For advanced usage, type $ snip add -h
.
Read end-to-end encrypted secrets from your personal vault.
# Read simple value.
$ snip get DB_PASSWORD
# Read a file.
$ snip get .env.prod
# Download a file.
$ snip get .env.prod -o .env.prod
# Get started with automation.
$ snip get .env.prod -q --json | jq -r .SecretContent | base64 -d
For advanced usage, type $ snip get -h
.
Vaults allow you to store and share secrets with others.
# Create a new vault.
$ snip vault create creds:aws
# Add a member to a vault.
$ snip vault add-member creds:aws -e alice@example.com
# Add a secret to a vault.
$ snip add -f sandbox.csv -v creds:aws
# Automate workflows.
$ snip vault ls -q --json | jq -r ".[].VaultId" | pbcopy
For advanced usage, type $ snip vault -h
.
Update/rotate end-to-end encrypted secrets.
# Update simple key/value (you will be prompted using hidden password input).
$ snip update DB_PASSWORD
# Update file.
$ snip update --file .env.prod
# Update file in a shared vault.
$ snip update -f sandbox.csv -v creds:aws
For advanced usage, type $ snip update -h
.
Looking to share end-to-end encrypted secrets via a one-time URL?
Check out ots-cli - our zero-configuration, light-weight CLI written in Go and designed specifically for fast and secure sharing of one-time secrets.
Share an end-to-end encrypted secret via a one-time URL.
# Create one-time secret.
$ snip share AYYGR3h64tHp9Bne
# Create one-time secret from a file.
$ snip share --file .env.local
For advanced usage, type $ snip share -h
.
Our engineering blog is now live!
All secrets are end-to-end encrypted, which means the plaintext values never leave your device. We do not log, track, share, or store the master passphrase that protects your account master keys.
A key derivation function is used to ensure the password used to encrypt the master account private key is always of constant length, is salted, and would be difficult to break computationally, although there is currently no validation on the strength of the master password chosen (except that the length must be at least 12 characters). This is something we are working to improve.
The computed password can optionally be stored in an OS keychain service such as macOS Keychain. We use Keytar to faciliate the integration with native OS keychains.
The password salt is currently stored in the ledger on our server, but we are looking at ways to improve the entire security model of generating and storing the account master key(s).
Lastly, our client code is fully open source. You can see exactly what it does and you can also see how the binaries get built and distributed.
We store the account email, account name, account and vault public keys and encrypted private keys. We store the private keys encrypted as PGP messages to allow for secure sharing. In theory, the mechanics of vaults and sharing secrets within vaults mimics how a Signal group chat works - allowing multiple members of a group to read end-to-end encrypted messages.
All secrets are stored encrypted as PGP messages.
You can take a look at the source code to see for yourself which details are being sent to our backend service.
A secret must belong to a vault. Each vault has its own keypair, where the private key is encrypted with the public keys of the members of the vault. The roles of the members (Read, Admin, Owner) are stored in the ledger and are used to control access to both the vault and the secrets within it.
For example, a Read role can only view secrets in a vault, an Admin role can add secrets to a vault, and an Owner role can additionally manage members of a vault.
One-time secrets can be created using the snip share
command and then shared by sending the generated URL to the recipient.
The secret value is encrypted using a private key which itself is then encrypted using a strong password generated by the CLI. This password can then be used to decrypt the encrypted private key and subsequently decrypt the secret on the receiving end - in this case in the browser. While we do not log, track, share, or store this password, it is embedded in the generated URL and so you should take extra care when sharing this URL with the recipient.
Once viewed, the secret will be deleted from the server along with the public key and encrypted private key used to protect it. The "get" and "delete" executions happen in a single transaction.
IMPORTANT: Make sure to note down your master passphrase and store it somewhere secure.
To register a new device, run snip configure
with your existing account email. Upon confirming your master passphrase you will be able to access your content again.
This is one of the reasons we chose a rather simple approach (PGP, encrypted keys, etc.) at first as we wanted to make sure the barrier to entry is as low as possible before we move onto a more advanced solution.
Sniptt is free for personal use with the following limits:
To increase limits and access more features, please email us at support@sniptt.com.
Yes, we are actively working on providing a self-hosted option with licensing.
Our platform is built on AWS, using 100% serverless architecture. We rely heavily on Lambda, so you may occasionally experience what's called a "cold start". Another reason your requests might be taking slightly longer is if you're not in Europe. We're currently only deployed in eu-west-1 (Ireland), however we plan to deploy in 2 additional regions soon.
See LICENSE
python学习过程中会遇见程序代码样例带–snip– 比如《外星人入侵》项目里面12.3.2设置背景色,再次修改alien_invasion.py的代码时出现的 --snip–,如下 --snip-- def run_game(): --snip-- pygame.display.set_caption("Alien Invasion") # 设置背景色 bg_c
浪费了我两天终于搞懂了,我好难啊 #在这里我会给大家详细介绍,因为我当初看了网上的也是一脸懵。 class Dog(): def __init__(self,name,age): self.name = name self.age = age def sit(self): print(self.name.title() + " is
首先明确物体太小太大都不好检测(都从roi的角度来分析): 1.小物体: a.本身像素点少,如果从anchor的点在gt像素内来说,能提取出来的正样本少 b.小物体会出现iou过低。具体来说,假设a是一个框,b是一个小框(gt),就算a的框和b的框重叠的部分占到了b的90%,但是如果a的框比较大,iou还是会低,正样本也就少了
A number of MathJax configuration options allow you to specify an HTML snippet using a JavaScript object. This lets you include HTML in your configuration files even though they are not HTML files the
我做了一个狙击命令,但唯一的问题是它没有正确地提到用户。我一直想解决这个问题。我还附上了鸟的照片。回溯错误: 忽略命令snipe:Traceback(最后一次调用)中的异常:文件“/opt/virtualenvs/python3/lib/python3.8/site packages/discord/ext/commands/core.py”,第85行,在wrapped ret=await cor
Code snippets are ready-made snippets of code you can quickly insert into your source code. For example, a for code snippet creates an empty for loop. 代码段是一种可以快速插入到源代码中的代码片段。例如,对于代码片段创建一个空的for循环。 Each
This extension allows you to test snippets in the documentation in a natural way. It works by collecting specially-marked up code blocks and running them as doctest tests. Within one document, test co
Create snippets.json file in extensions folder to add or override snippets. The structure of this file is the same as the original one: on the top level you define syntax name your snippets belong to,
This extension allows you to test snippets in the documentation in a natural way. It works by collecting specially-marked up code blocks and running them as doctest tests. Within one document, test co
Snips 是 QingCloud & QingStor SDKs 的代码生成工具。Snips 使用 OpenAPI Specification(Swagger)v2.0 格式的 API 规范为 QingCloud 和 QingStor SDK 生成各种代码。 Snips 采用 API 规范和模板来生成大量的 API 代码,这些生成的代码加上手写的代码组成 SDK。 接下来,我们使用测试脚本来确保
SnipSnap 是一个免费 java 写的且安装简单的 webBlog 与 wiki 工具。