Just to be sure that your secrets are reasonably available, always.
(i) GitHub for high availability of the repo, (ii) Openssl, even it is not flawless, it is available everywhere and battle tested (iii) Bash is bash :)
Looking at the script, a double round with aes-256-cbc [0] is done, moreover the file is hidden among thousands of files.
Like others ciphers it is vulnerable at implementation level, that is a enough long key must be chosen. Maybe the script could be improved adding a passphrase check.
5 comments
[ 58.6 ms ] story [ 855 ms ] threadmy intention is to keep my secrets on a nice public repo, what do you think?
Thanks!
Also, I’m terms of encryption something like age[0] makes it much easier to not shoot yourself in the foot.
[0] https://github.com/FiloSottile/age
[0]https://github.com/nola-a/jump/blob/f907cffcb08fd96ea91cd7f3...