Home

Awesome

stash

stash is a command line program for storing text data in encrypted form.

All user data is encrypted using AES 256 cipher.

Data is hashed for indexing purposes using a good random salt + SHA512.

<img src="screenshots/fruits.png" width=350></img>

<!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc -->

Table of Contents

<!-- markdown-toc end -->

Rationale

All of us need to store sensitive information. At the very least, we need to keep passwords and keys to numerous online services we use. Storing them in plain-text is risky. So is not keeping backups in multiple locations.

stash is an open-source tool to store text in encrypted form. The encrypted data can be stored in untrusted locations without compromising it, granted the encryption-key is unguessable.

Installation

Linux and Mac

Install:

brew install rorokimdim/brew/stash

Upgrade:

brew upgrade stash

Uninstall:

brew uninstall stash

Binaries are available at releases.

Others

No pre-built binaries available at this time. We will need to build from source using stack install or cabal install.

Install stack, clone this repository and run the following in repository directory.

stack install

Getting Started

Create a stash file.

stash create {path-to-stash-file}

Replace {path-to-stash-file} with path to the stash file. For example ~/Dropbox/secret.stash.

Stash will prompt for the encryption-key (password) to use for the file. The key is not saved anywhere, but a salted hash (good random salt + SHA512) of the key and the salt is saved.

When we run a stash command, we will be prompted for our encryption key. It is checked against the hash stored during stash create. For the duration of the command, the encryption key will be used for encrypting/decrypting data.

The salt stored during stash create is also used for hashing any data for indexing purposes.

Browsing

This feature does not currently work on windows.

Terminal user interface (default)

stash browse {path-to-stash-file}
ShortcutsDescription
ESC (q)Quit
?Show this help
+Add a new key
>Add a child key to selected key
-Delete selected key
, (r)Rename selected key
/Search and sort by pattern
yCopy value of selected key into system clipboard
EnterSet value of selected key
HSee history of values of selected key
Left arrow (h)Move to parent of selected key
Right arrow (l)Move to child of selected key
Up arrow (k, Ctrl-p)Select above
Down arrow (j, Ctrl-n)Select below
g, GMove to top, Move to bottom
Ctrl-u, Ctrl-dScroll keys half page up / down
Ctrl-b, Ctrl-fScroll keys one page up / down

As Org text

stash browse -f org {path-to-stash-file}

Opens as Org text in default editor. Set EDITOR environment variable to your editor command. Defaults to vim.

As Markdown text

stash browse -f markdown {path-to-stash-file}

Opens as markdown text in default editor. Set EDITOR environment variable to your editor command. Defaults to vim.

Dumping contents to stdout

As Org text (default)

stash dump -f org {path-to-stash-file}

As Markdown text

stash dump -f markdown {path-to-stash-file}

As JSON text

stash dump -f json {path-to-stash-file}

Backing up data

stash backup {path-to-stash-file}

Creates a timestamped copy of stash file in the same directory as the original file.

Importing text

We can import org and markdown text into stash. This feature is only available in version 0.2.0+.

cat {path-to-text-file} | stash import {path-to-stash-file}

stash import will assume text is in org format by default, but markdown is supported too:

cat {path-to-text-file} | stash import -f markdown {path-to-stash-file}

We can import from another stash file similarly:

stash dump {path-to-source-stash-file} | stash import {path-to-destination-stash-file}

We will need to first enter encryption-key for the source stash-file followed by encryption-key for the destination stash file.

Babashka pod support

stash exposes a bencode interface using Babashka Pod Protocol.

If you are familiar with clojure or babashka, see clojure-example.

Common-lisp folks see common-lisp-example.

Python folks see python-example.

Customization

A few things in stash can be customized via environment variables.

NameDescriptionPossible ValuesDefault
STASH_ENCRYPTION_KEYencryption key-prompt as needed
STASH_WIPE_CLIPBOARD_AFTER_BROWSEwipe clipboard after browsetrue, falsefalse
STASH_LOG_LEVELlogging levelDEBUG, INFO, WARN, ERRORINFO
STASH_TUI_COLOR_SELECTEDcolor of selected itemsee belowcyan
STASH_TUI_COLOR_CURRENT_PATHcolor of current pathsee belowwhite
STASH_TUI_COLOR_SORT_PATTERNcolor of sort/search textsee belowwhite
BABASHKA_PODstart as babashka-podtrue, falsefalse
EDITORcommand for editing text-vim

Color values can be one of black, red, green, yellow, blue, magenta, cyan, white, brightBlack, brightRed, brightGreen, brightYellow, brightBlue, brightMagenta, brightCyan and brightWhite.

Shell Autocompletion

bash

source output from following command

stash --bash-completion-script `which stash`

zsh

Create a _stash in your $FPATH (try ~/.zsh/_stash) with contents from following command

stash --zsh-completion-script `which stash`

fish

source output from following command

stash --fish-completion-script `which stash`

Credits

  1. Haskell
  2. cryptonite and crypto-simple
  3. brick and optparse-applicative
  4. All of these libraries and all the things they depend on
  5. Every stash file is a sqlite file
  6. Scriping support via clojure and babashka