It’s fun to build things like this but if you want to nourish a user base you need to fully understand the landscape of similar tools and then explain your differentiating value. This is /particularly/ important for security related tools.
Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.
ecb_penguin 15 hours ago [-]
Or you could just build things for fun. Why do we have to care about "nourishing a user base"? Two decades ago we would build software and release it for fun and utility.
> Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.
What a boring proposition for hobby projects.
janfoeh 13 hours ago [-]
You are taking the words right out of my mouth.
This Github star hunting—, CV padding—, make-it-big-and-BDFL-yourself—approach to open source that has crept in over the last decade is bewildering and rather unpleasant.
CBLT 16 hours ago [-]
Skimmed the readme, seems like it's not AEAD? I don't see any reason to use a tool that's not AEAD.
Also, while I get the appeal of just storing it all in a giant JSON, I don't really feel that's the final word in simple storage formats. I'd personally just use SQLite, or some other format I could rsync.
ecb_penguin 15 hours ago [-]
> Skimmed the readme, seems like it's not AEAD?
Are you just looking for keywords? That's not how a quality security review should be done.
> I don't see any reason to use a tool that's not AEAD.
Do you have an actual attack? Non AEAD schemes have been used for decades without any attack.
There might be entirely valid complaints against this. Lack of AEAD is not one...
> I don't really feel that's the final word in simple storage formats.
Literally nobody said it was
> I'd personally just use SQLite, or some other format I could rsync.
You can rsync a JSON file just as you can rsync a SQLite file....
CBLT 15 hours ago [-]
> You can rsync a JSON file just as you can rsync a SQLite file....
`sqlite-rsync` does a deep comparison and only transmits new rows, without deleting other data. `rsync` on a json file just replaces the file.
renerick 16 hours ago [-]
Text formats have the advantage of better support in version control systems. SOPS does similar thing, it stores encrypted values in yaml/json, and from my experience using this approach with git it is indeed an improvement over, say, Ansible vault, which essentially turns text files into blobs
CBLT 15 hours ago [-]
I use pass[0] which uses a flat directory structure and git. It works great! At $dayjob we have json lockfiles committed to git and merges get pretty gnarly. Not as big of a fan of just dropping it all in json. The toml lockfiles are a bit better in git.
Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.
> Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.
What a boring proposition for hobby projects.
This Github star hunting—, CV padding—, make-it-big-and-BDFL-yourself—approach to open source that has crept in over the last decade is bewildering and rather unpleasant.
Also, while I get the appeal of just storing it all in a giant JSON, I don't really feel that's the final word in simple storage formats. I'd personally just use SQLite, or some other format I could rsync.
Are you just looking for keywords? That's not how a quality security review should be done.
> I don't see any reason to use a tool that's not AEAD.
Do you have an actual attack? Non AEAD schemes have been used for decades without any attack.
There might be entirely valid complaints against this. Lack of AEAD is not one...
> I don't really feel that's the final word in simple storage formats.
Literally nobody said it was
> I'd personally just use SQLite, or some other format I could rsync.
You can rsync a JSON file just as you can rsync a SQLite file....
`sqlite-rsync` does a deep comparison and only transmits new rows, without deleting other data. `rsync` on a json file just replaces the file.
[0] https://www.passwordstore.org/
Might also extend it with an API. Not sure. cheers!