I’ve had to share a ton of API keys lately, and it seems wild there isn’t a simple hacker friendly way to do this. I built a easy to use CLI for sharing secrets and the whole process takes about 15 seconds:
- The receiver runs secret_share and it generates a one-time public key they can send to the sender
- The sender runs secret_share, pastes in the public key from the receiver, types the secret, and gets an encrypted response they can send back
- The receiver pastes in the encrypted response and sees the secret
It’s open source. There are no servers. It’s using very standard/boring/secure crypto (RSA-OAEP and AES-GCM). The private key is never written to disk and is evicted from memory as soon as the payload is decoded (new keys every time). It’s user friendly for a CLI (clear messages, clipboard integration). You can use any chat tool as the communication channel never sees the private key. The only dependencies are Google maintained go packages (term and sys). It’s small and simple (you can read the entire codebase in about 5 minutes).
Github: https://github.com/scosman/secret_share
Let me know if you have any ideas or questions!
submitted by /u/davernow
[link] [comments]