Bound by sacred cyphers and powered by forgotten rites; access without a path, only a destination. Your vital sigils safe, their essence known to none but their holder, sealed by the magic of pure ignorance.
Extending access to Keeper Secrets Manager for API retrieval in distributed or disconnected processes. Serves as a quality-of-life abstraction to diminish the scourge of hard-coded, insecurely handled credentials in our code bases.
Java is like a bad relationship. It's too object-oriented
Compiling is not necessary as release binaries are available. If you're so inclined, the sections below are for you.
You're going to need a compiler; I recommend anything not Oracle Java. Depending on your OS, the installation process will vary. Additional packages like Maven will be needed to utilize the provided pom file.
```bash
sudo dnf install java-21-openjdk java-21-openjdk-devel maven
```

```bash
sudo apt install maven openjdk-21-jdk-headless
```
```powershell
winget install maven
winget install Microsoft.OpenJDK.21
refreshenv
```

```powershell
# Manual download and install of the JDK and Maven
$jdk_url = "https://aka.ms/download-jdk/microsoft-jdk-21-windows-x64.msi"
$java_home = New-Item -ItemType Directory -Path "$env:ProgramFiles\Java" -Force
$maven_home = New-Item -ItemType Directory -Path "$env:ProgramFiles\Apache\Maven" -Force
$maven_version = "3.9.11"
$maven_url = "https://dlcdn.apache.org/maven/maven-3/$maven_version/binaries/apache-maven-$maven_version-bin.zip"
Start-BitsTransfer -Destination "$env:USERPROFILE\Downloads\jdk-21.msi" -Source $jdk_url
Start-BitsTransfer -Destination "$env:USERPROFILE\Downloads\maven.zip" -Source $maven_url
# Double quotes so $java_home is expanded; the inner quotes are escaped for msiexec
Start-Process -Wait -FilePath msiexec -ArgumentList /i, "$env:USERPROFILE\Downloads\jdk-21.msi", "ADDLOCAL=FeatureMain,FeatureEnvironment,FeatureJarFileRunWith,FeatureJavaHome", "INSTALLDIR=`"$java_home`"", /quiet -Verb RunAs
Expand-Archive -DestinationPath "$env:USERPROFILE\Downloads\maven" -Path "$env:USERPROFILE\Downloads\maven.zip"
$parentDir = Get-ChildItem -Path "$env:USERPROFILE\Downloads\maven" | Select-Object -First 1
# FullName gives the absolute path on every PowerShell version
Move-Item -Destination $maven_home -Path "$($parentDir.FullName)\*" -Force
[Environment]::SetEnvironmentVariable('M2_HOME', $maven_home, [System.EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable('MAVEN_HOME', $maven_home, [System.EnvironmentVariableTarget]::User)
[Environment]::SetEnvironmentVariable('PATH', "$env:PATH;$maven_home\bin", [System.EnvironmentVariableTarget]::User)
Remove-Item "$env:USERPROFILE\Downloads\jdk-21.msi"
Remove-Item "$env:USERPROFILE\Downloads\maven.zip"
Remove-Item "$env:USERPROFILE\Downloads\maven" -Recurse -Force
```
- Clone the repo
  ```bash
  git clone https://github.com/byteskeptical/credcat.git
  cd credcat
  ```
- Compile binary, prepare release
  ```bash
  # build binary
  mvn compile
  # create package
  mvn install
  # prepare package for official release
  mvn package
  ```
- Run tests, (optional). Making changes, (required)
  ```bash
  mvn test
  ```
- Clean up after yourself
  ```bash
  mvn clean
  ```
You will need to generate a device config for your KSM application in either base64 or JSON format. You can also use the one-time password feature to generate the config dynamically using the clientKey parameter instead. Using the config parameter provides the means to switch between application vaults. You can pass one or more titles and/or record UIDs to retrieve multiple records at once. Exact matches only. Any files are downloaded locally and their save location is returned in the response.
```
Usage: java -jar credcat.jar [ -server | '{ "config": ".keeper/config.base64", "titles": ["RECORD_TITLE"], "uids": ["RECORD_UID"] }' ]
```

- Payload can be any of the following.
  ```bash
  ADVANCED='{ "clientKey": "7dae669a419ee250d0fd0e12d527f5f1", "config": "config.base64", "saveLocation": "/mnt/share/keeper", "titles": ["development ldap"], "uids": ["chnmFhEC38YCHhNY1pA8Vg"] }'
  TITLE_ONLY='{ "config": ".keeper/config.base64", "titles": ["Production ClickToCall API Key", "development ldap"] }'
  UID_ONLY='{ "config": ".keeper/config.base64", "uids": ["7bN_ceW-p3_alVUNmI09Tw", "chnmGhEC39YCHhNy1pA8vg"] }'
  ```
- Whether passing title or UID, each record is returned nested under its respective UID.
  ```bash
  # Quote the payload so the shell passes the JSON as a single argument
  java -cp "target/classes:target/dependency/*" com.byteskeptical.credcat.SecretsService "$ADVANCED"
  java -jar target/credcat.jar "$UID_ONLY"
  ```
  ```
  INFO: {
    "7bN_ceW-p3_alVUNmI09Tw" : {
      "notes" : null,
      "files" : [ ],
      "type" : "login",
      "title" : "development ldap",
      "fields" : {
        "password" : [ "bingbangboomdongle" ],
        "login" : [ "ldaptest" ]
      }
    },
    "chnmGhEC39YCHhNy1pA8vg" : {
      "notes" : "VALUE = x-ClickToCall-APIKey:be0d988f-063c-d654-ad1b-a54337f87233",
      "files" : [
        { "name" : "ascii-art.txt", "path" : "/mnt/share/keeper-2452814181455428916/ascii-art.txt" },
        { "name" : "integration.ucaas.call.metadata.PNG", "path" : "/mnt/share/keeper-2452814181455428916/integration.ucaas.call.metadata.PNG" }
      ],
      "type" : "login",
      "title" : "Production ClickToCall API Key",
      "fields" : {
        "password" : [ "be0d988f-063c-d654-ad1b-a54337f87233" ],
        "login" : [ "integration.ucaas.call.metadata" ],
        "fileref" : [ "3HcX3vCCvHBTBcOqCgCnsQ", "cGBiPmG_9GlZszFbsQmJea" ]
      }
    }
  }
  ```
- Running in server mode accepts the same request payload, passed by the HTTP client of your choice. You can set your preferred host and port in the credcat properties file.
  ```bash
  # Main class taken from the stand-alone invocation; without it java has nothing to run
  java -cp "target/classes:target/dependency/*" com.byteskeptical.credcat.SecretsService -server
  java -jar target/credcat.jar -server
  ```
  ```bash
  # Quote the payload so curl receives the JSON as one -d value
  curl -d "$UID_ONLY" -H 'Content-Type: application/json' -v -XPOST http://127.0.0.1:8888/api/getSecrets
  curl -H 'Content-Type: application/json' -v http://127.0.0.1:8888/api/getVersion
  ```
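A consumer of the response described above has to pick one value out of the UID-keyed records, keep the rest out of its logs, and track the attachments written to disk. The sketch below is an added example, not part of credcat: the function names and the sample output are constructed for illustration, and it assumes the output shape shown above (an optional `INFO: ` prefix followed by one JSON object).

```python
import json

# Constructed sample of credcat output in the shape shown above; every value is made up.
SAMPLE_OUTPUT = """INFO: {
  "UID_PLACEHOLDER_1": {"notes": null, "files": [], "type": "login",
    "title": "development ldap",
    "fields": {"password": ["example-password"], "login": ["ldaptest"]}},
  "UID_PLACEHOLDER_2": {"notes": "VALUE = example-token", "type": "login",
    "files": [{"name": "cert.pem", "path": "/mnt/share/keeper-123/cert.pem"}],
    "title": "build signing key",
    "fields": {"password": ["example-token"], "login": ["builder"]}}
}"""

def parse_response(text):
    """Return the uid -> record mapping, skipping any log prefix such as 'INFO: '."""
    start = text.find("{")
    if start < 0:
        raise ValueError("no JSON object in credcat output")
    records, _ = json.JSONDecoder().raw_decode(text[start:])
    return records

def field_by_title(records, title, field):
    """Exact-title lookup that fails closed on zero or ambiguous matches."""
    hits = [r for r in records.values() if r.get("title") == title]
    if len(hits) != 1:
        raise LookupError(f"expected one record titled {title!r}, found {len(hits)}")
    values = (hits[0].get("fields") or {}).get(field) or []
    if not values:
        raise LookupError(f"record {title!r} has no {field!r} value")
    return values[0]

def downloaded_files(records):
    """Paths of attachments credcat saved to disk; delete them once consumed."""
    return [f["path"] for r in records.values() for f in r.get("files") or []]

def redacted(records):
    """Copy that is safe to log: field values and notes are masked."""
    return {uid: {"title": r.get("title"), "type": r.get("type"),
                  "notes": "***" if r.get("notes") else None,
                  "fields": {k: ["***"] * len(v)
                             for k, v in (r.get("fields") or {}).items()},
                  "files": [f["name"] for f in r.get("files") or []]}
            for uid, r in records.items()}
```

Notes are masked along with fields because, as in the sample response above, a note can carry the same secret as the password field.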
- Handle all field types including files & notes
- Handle title & uid searches
- Retrieve more than one record in a single request
- Support stand-alone and server modes
See the open issues for a full list of proposed features (and known issues).
Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the project_license. See LICENSE for more information.
byteskeptical - @byteskeptical - bug@byteskeptical.com
Project Link: https://github.com/byteskeptical/credcat
