Show HN: Ward – a file vault written in bash (github.com)

20 points by genesishash ↗ HN
just wanted to share ward, a tool i hacked together to encrypt and manage sensitive files in a vault folder. it's written in bash and meant to be cloned and then stored using git or version control.

you don't have to store it that way, it's just why i created it.

what ward does:

encrypts the files in ./vault/ into a single .gpg file, checks to see if your files have been tampered with, generates totp codes if you need them to recover critical accounts.

how to use it:

clone the repo, toss your files into the vault directory, and run yarn encrypt. now commit your new [private] repository or save it somewhere.

that's it. repo link: https://github.com/oeo/ward

feedback welcome, or just let me know if you find it useful.

11 comments

[ 6.7 ms ] story [ 33.5 ms ] thread
Thank you for this simple but useful tool! It works. I will be happy to use it e.g. with USB sticks, where I sometimes transfer sensitive data and so far I have only used dm-crypt.

Btw, if somebody's Ubuntu/Debian doesn't want to find "oath-toolkit", install "oathtool".

This all lowercase trend is getting out of hand. What are people even doing? Do you write everything normally then use a script to lowercase every letter? Uppercase letters have a purpose, they provide clarity. Please respect your readers.

Like it or not, presentation sends a signal. Why would someone trust a security project where the author hasn’t even bothered to write instructions properly or make legible commit messages?

Hᴇʟʟᴏ. Iᴛ sᴜʀᴇ ᴅᴏᴇs sᴇɴᴅ ᴀ sɪɢɴᴀʟ.
What’s the point of this comment? What does it accomplish other than being inscrutable to people on screen readers?
Why do I need yarn (package manager for JavaScript) for invoking bash scripts?
Thanks for creating this. However, I was a bit puzzled when I found a packages.json and then saw that all the heavy lifting is done from bash. I don't understand the need for having to install Yarn for just running a bunch of bash scripts. IMHO, after seeing the size and the amount of logic within the scripts, I think you could have made it more ergonomic by just building a bash script that takes parameters and that's it.