Would you trust a repository made like this to save your secrets? (github.com)
2 points by nola-a 967 days ago
3 comments

Why keep something secret on a public repo? Is that not an oxymoron?

Also, in terms of encryption, something like age[0] makes it much easier to not shoot yourself in the foot.

[0] https://github.com/FiloSottile/age

Just to be sure that your secrets are reasonably available, always. (i) GitHub for high availability of the repo, (ii) OpenSSL, even if it is not flawless, is available everywhere and battle tested, (iii) Bash is bash :)
What are you using to do the encryption? How hard is the passphrase to crack?
Looking at the script, a double round with aes-256-cbc [0] is done; moreover, the file is hidden among thousands of files. Like other ciphers, it is vulnerable at the implementation level, that is, a long enough key must be chosen. Maybe the script could be improved by adding a passphrase check.

[0] https://github.com/nola-a/jump/blob/f907cffcb08fd96ea91cd7f3...
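
One way the passphrase check mentioned in the comment above could gate an `openssl enc` call, as an added example that is not taken from the linked repository's script. The function names, the `SECRET_PASS` variable, the 80-bit threshold and the iteration count are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's script. Names and thresholds are assumptions.
LC_ALL=C; export LC_ALL            # make ranges such as [a-z] byte-based
MIN_BITS=${MIN_BITS:-80}           # assumed minimum; tune to your threat model

# Size of the character pool the passphrase draws from.
pool_size() {
    pool=0
    case "$1" in *[a-z]*) pool=$((pool + 26)) ;; esac
    case "$1" in *[A-Z]*) pool=$((pool + 26)) ;; esac
    case "$1" in *[0-9]*) pool=$((pool + 10)) ;; esac
    case "$1" in *[!a-zA-Z0-9]*) pool=$((pool + 33)) ;; esac
    echo "$pool"
}

# Upper bound on entropy in whole bits: length * log2(pool size).
# Human-chosen passphrases carry less than this, so treat it as a ceiling.
entropy_bits() {
    pool=$(pool_size "$1")
    [ "$pool" -gt 0 ] || { echo 0; return 0; }
    awk -v n="${#1}" -v p="$pool" 'BEGIN { printf "%d\n", n * log(p) / log(2) }'
}

# Return non-zero when even the upper bound is below MIN_BITS.
check_passphrase() {
    bits=$(entropy_bits "$1")
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "passphrase too weak: at most $bits bits, need $MIN_BITS" >&2
        return 1
    fi
}

# Usage: SECRET_PASS=... ; export SECRET_PASS ; encrypt_file <plain> <cipher>
# -pbkdf2/-iter stretch the passphrase; without them openssl enc derives
# the key with a single hash pass, which makes offline guessing cheap.
encrypt_file() {
    check_passphrase "$SECRET_PASS" || return 1
    openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
        -in "$1" -out "$2" -pass env:SECRET_PASS
}
```

Because the ciphertext sits in a public repository, anyone can run unlimited offline guesses against it, so the passphrase and the key-derivation cost are the only barriers.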

Hi All,

my intention is to keep my secrets on a nice public repo, what do you think?

Thanks!