[Ann] v0.1.2 of rook, a keepass-backed secret service
[Ann] v0.1.2 of rook, a keepass-backed secret service
Rook is a lightweight, stand-alone, headless secret service tool backed by a Keepass v2 database. It provides client and server modes in a single executable, built from a reasonably small (auditable) code base with a small and shallow dependency tree - it should not be challenging to verify that it is not doing anything sketchy with your secrets.
Reasonable auditability, the desire to use KeePass files, and to do so through a headless tool that doesn't spawn off the better part of a DE through otherwise unused services, were the main motivations for Rook.
You might be interested in Rook if one or more of these are true:
- you use KeePass v2-compatible tools to store secrets already
- you are not running a DE like KDE or Gnome (although Rook may still be interesting because of secret consolidation)
- you prefer to minimize background GUI applications (KeePassXC is excellent and provides a secret service, but doesn't run headless)
- you run background applications such as vdirsyncer, mbsync (isync), offlineimap, or restic, or applications such as aerc that can be configured to fetch credentials from a secret service rather than hard-coded in a config file.
Pre-built binaries for limited OS/archs are built by the CI, and Rook if available in AUR. There's an nfpm config in the repos that will build RPMs and Debs, among others. I consider Rook to be essentially free of any major bugs and fit-for-purpose, although I welcome hearing otherwise.
Utility scripts in zsh and bash are available for providing autotyping and entry/attribute selection using xdotool, rofi, xprop, and so on; these are YMMV-quality.
Changes from v0.1.1 are:
Added
- one-time pin soft locking
- installation instructions for distributions that have rook in a repository
- more of the special autotype {} commands are supported (backspace, space, esc)
Changed
- getAttr adds a little delay before typing, allowing initiator tools (like rofi) to close windows before text is output
- cleans up code per golint/gochk
Fixed
- an autotype bug in outputting literals