aescbc, secstore, ipso \- secstore commands
authenticates to the server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
stores a file on the secstore.
retrieves a file to the local directory;
writes it to standard output instead.
of . will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
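The listing of remote files with dates, lengths and SHA1 hashes gives a client a way to confirm that a retrieved file is complete and unmodified in transit. The following Python check is an added example, not code from secstore or Plan 9: it assumes a whitespace-separated listing layout of name, date, length and SHA1 hex digest (the real column order is not stated on this page), and both the listing and the file contents are constructed inline.

```python
"""Verify a file retrieved from secstore against the server's listing.

Added example, not part of secstore. The listing layout assumed here
(name, date, length in bytes, SHA1 hex digest, whitespace-separated)
is an assumption for this example; the listing and contents are
constructed inline so the script runs offline.
"""
import hashlib
import re
from typing import Dict, Tuple

# Constructed file contents (the factotum line from this page's example).
GOOD_CONTENT = b"key proto=apop dom=x.com user=ehg !password=hi\n"


def make_listing_line(name: str, date: str, content: bytes) -> str:
    """Build one listing line in the assumed layout."""
    return f"{name}\t{date}\t{len(content)}\t{hashlib.sha1(content).hexdigest()}"


# Constructed listing, as if captured from the list-of-remote-files output.
SAMPLE_LISTING = "\n".join([
    make_listing_line("factotum", "2024/01/15 10:42:07", GOOD_CONTENT),
    make_listing_line("ssh-key", "2023/11/02 08:13:55", b"constructed private key bytes\n"),
])


def parse_listing(text: str) -> Dict[str, Tuple[str, int, str]]:
    """Parse listing lines into name -> (date, length, sha1).

    Length and digest are taken from the right-hand end of the line so a
    date field that itself contains a space does not shift the columns.
    """
    entries: Dict[str, Tuple[str, int, str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line: skip rather than guess
        name, length, digest = fields[0], int(fields[-2]), fields[-1].lower()
        if not re.fullmatch(r"[0-9a-f]{40}", digest):
            raise ValueError(f"bad SHA1 field on line: {line!r}")
        entries[name] = (" ".join(fields[1:-2]), length, digest)
    return entries


def verify_retrieved(name: str, content: bytes, listing: str) -> Tuple[bool, str]:
    """Check a retrieved file's length and SHA1 against the listing.

    Length is checked first because a truncated transfer is the common
    failure; a SHA1 mismatch at the right length points to corruption or
    modification. Note that this only detects accidental or in-transit
    damage: a server that can rewrite the file can rewrite the listing too.
    """
    entries = parse_listing(listing)
    if name not in entries:
        return False, "not in listing"
    _date, length, digest = entries[name]
    if len(content) != length:
        return False, f"length mismatch: listed {length}, got {len(content)}"
    if hashlib.sha1(content).hexdigest() != digest:
        return False, "sha1 mismatch"
    return True, "ok"


if __name__ == "__main__":
    print(verify_retrieved("factotum", GOOD_CONTENT, SAMPLE_LISTING))
    print(verify_retrieved("factotum", GOOD_CONTENT[:-1], SAMPLE_LISTING))
```

In practice the listing would be captured from the server and the contents read from the file the retrieval wrote to the local directory; the check is the same.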
removes a file from the secstore.
prompts for a password change.
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
says that the password should be read from standard input
says that the password should be read from NVRAM
This option is unsupported.
or the server specified by option
For example, to add a secret to the file read by
at startup, open a new window, type
% auth/secstore -g factotum
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
% read -m factotum > /mnt/factotum/ctl
and delete the window.
The first line creates an ephemeral memory-resident workspace,
invisible to others and automatically removed when the window is deleted.
The next three commands fetch the persistent copy of the secrets,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.\" command packages this sequence into a convenient script to simplify editing of
.\" stored on a secure store.
.\" It copies the named
.\" on them. When the editor exits,
.\" prompts the user to confirm copying modified or newly created files back to
.\" grabs all the user's files from
.\" By default, ipso will edit the
.\" one of them is named
.\" flush your current keys from factotum and load
.\" the new ones from the file.
.\" If you supply any of the
.\" will just perform the operations you requested, i.e.,
.\" edit, flush, and/or load.
.\" as the editor instead of
.\" option provides a similar service for files encrypted by
.\" option, the full rooted pathname of the
.\" must be specified and all
.\" must be encrypted with the same key.
.\" newly created files are ignored.
encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
.B \*9/src/cmd/secstore
Plan 9's \fIsecstore\fR(8)
There is deliberately no backup of files on the secstore, so
(or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
.\" secrets will appear as plain text in the editor window,
.\" so use the command in private.