Genuine question: what's your threat model?
Vault gives time-limited tokens with a network boundary. Instead of Keeper, I would just use age:
# write
echo "my secret" | age -r <recipient-pubkey> > secret.age
# read
age -d -i key.txt secret.age
Not when you need an audit system.
True, but AFAIK an audit system is worthless if it resides on the same potentially compromised machine, no?
https://git.eeqj.de/sneak/secret
This is an age+filesystem secrets manager that I made that is basically what you wrote, but with more organization.