Expand description
instrument-credentials-from-keeper/keepass.
ick provides a thin wrapper over the windows credential store, injecting appropriate credentials which are acquired from either keeper or keepass.
§Installation
Put the binary ick.exe
in a directory on your PATH
.
ick
requires environment variables in order to acquire credentials:
ICK_CRED_STORE
, should be set to eitherkeeper
orkeepass
, describing the password-manager backend whichick
will acquire passwords from. This environment variable can be set permanently.ICK_KEEPASS_FILE
(keepass only), a path to a keepass (.kdbx) file containing the passwords. This environment variable can be set permanently.ICK_KEEPASS_KEY
(keepass only), the decryption password for the keepass database. This should not be set as a permanent environment variable; it should be manually entered as an env variable into a specific shell, and should be cleared (or the shell closed) once administration tasks are complete.ICK_KEEPER_TOKEN
(keeper only), a token used to access the keeper API. This should not be set as a permanent environment variable; it should be manually entered as an env variable into a specific shell, and should be cleared (or the shell closed) once administration tasks are complete. This is not supported yet.
§Usage
For a description of available ick
commands and flags, use:
ick help
For help on a specific subcommand, for example ick add-creds
, use:
ick help add-creds
The default Logging level is INFO. This can be increased or decreased one level at a time with the
-v
/--verbose
or -q
/--quiet
flags, which can be specified multiple times. Logs are printed to stderr.
§Examples
Add user-level credentials for INST1
and INST2
to the windows credential store, as an unprivileged user or admin user:
ick add-creds -i NDXINST1,NDXINST2
ick add-creds -i NDXINST1,NDXINST2 --admin
Specify machines in a file instead of on the command line:
ick add-creds -I machines.txt
Remove credentials for INST1
and INST2
from the windows credential store:
ick remove-creds -i NDXINST1,NDXINST2
Retrieve admin credentials for the specified machine in pretty-JSON format, for use by other tools or scripts:
ick json -I machines.txt --admin --pretty
With non-pretty output, an example output from ick json
is:
[{"host":"NDXSOMETHING","username":"NDXSOMETHING\\username","password":"the-password"}]
§Local development
You need cargo installed; see https://rustup.rs/ for first-time install or run rustup update
to update.
To run formatter, use cargo fmt
To run linter, use cargo clippy
To run tests, use cargo test
To build in debug configuration, use cargo build
(the executable will be in .\target\debug\ick
)
To build in release configuration, use cargo build --release
(the executable will be in .\target\release\ick
)
To build docs page, use cargo doc --no-deps
(the docs will be in .\target\doc\ick
)
To run the command, use the ick executable which has been built in target/release
(or target/debug
for a debug build)