Crate ick

Crate ick 

Source
Expand description

instrument-credentials-from-keeper/keepass.

ick provides a thin wrapper over the windows credential store, injecting appropriate credentials which are acquired from either keeper or keepass.

§Installation

Put the binary ick.exe in a directory on your PATH.

ick requires environment variables in order to acquire credentials:

  • ICK_CRED_STORE, should be set to either keeper or keepass, describing the password-manager backend which ick will acquire passwords from. This environment variable can be set permanently.
  • ICK_KEEPASS_FILE (keepass only), a path to a keepass (.kdbx) file containing the passwords. This environment variable can be set permanently.
  • ICK_KEEPASS_KEY (keepass only), the decryption password for the keepass database. This should not be set as a permanent environment variable; it should be manually entered as an env variable into a specific shell, and should be cleared (or the shell closed) once administration tasks are complete.
  • ICK_KEEPER_TOKEN (keeper only), a token used to access the keeper API. This should not be set as a permanent environment variable; it should be manually entered as an env variable into a specific shell, and should be cleared (or the shell closed) once administration tasks are complete. To generate a token, log into keeper as an account with access to keeper secrets manager, go to the ‘secrets manager’ tab, select the ‘ick’ application, and click ‘add device’. Set the ‘device name’ to your name, select ‘configuration file (base64)’ as the method. This will generate a base64 string which you can use as the ICK_KEEPER_TOKEN. Store this string in your personal password manager.

§Usage

For a description of available ick commands and flags, use:

ick help

For help on a specific subcommand, for example ick add-creds, use:

ick help add-creds

The default Logging level is WARN. This can be increased or decreased one level at a time with the -v/--verbose or -q/--quiet flags, which can be specified multiple times. Logs are printed to stderr.

§Examples

Add user-level credentials for INST1 and INST2 to the windows credential store, as an unprivileged user or admin user:

ick add-creds -i NDXINST1,NDXINST2
ick add-creds -i NDXINST1,NDXINST2 --admin

Specify machines in a file instead of on the command line:

ick add-creds -I machines.txt

Remove credentials for INST1 and INST2 from the windows credential store:

ick remove-creds -i NDXINST1,NDXINST2

Retrieve admin credentials for the specified machine in pretty-JSON format, for use by other tools or scripts:

ick json -I machines.txt --admin --pretty

With non-pretty output, an example output from ick json is:

[{"host":"NDXSOMETHING","username":"NDXSOMETHING\\username","password":"the-password"}]

§Local development

You need cargo installed; see https://rustup.rs/ for first-time install or run rustup update to update.

To run formatter, use cargo fmt

To run linter, use cargo clippy

To run tests, use cargo test

To build in debug configuration, use cargo build (the executable will be in .\target\debug\ick)

To build in release configuration, use cargo build --release (the executable will be in .\target\release\ick)

To build docs page, use cargo doc --no-deps (the docs will be in .\target\doc\ick)

To run the command, use the ick executable which has been built in target/release (or target/debug for a debug build)