I’m happy to share with you our experiment at using Blockstack in a terminal environment.
Keystone.sh is an open-source system for developers to store, share and use secrets with other developers. Everything can be done through our cli and we released the 1.0.0 version this week.
We are using it at my web agency to handle applications tokens in local development but also in CI/CD setups. No more sharing over slack or worse, emails.
Our team can’t wait to get your feedback!
I hope our work will help other developers bring more blockstack apps to the terminal.
It’s easy to add team members with the help of an email invitation process. Privacy is kept by sending only the necessary data: blockstack ids, project ids, emails.
The system handles multiple users working on the same files with a versioning system
Customize your prompt to show the current environment and files status**
Add autocompletion to Keystone commands in your bash**
If you had the chance to choose, what command line apps you would like to see coming on Blockstack?
** I’m limited to 2 links as a new member. You can find the tutorials in the Recipes section in the documentation.
We have a sync system that replicate files among users of the same project. They pull from the administrators and contributors then make copies for everybody else in the project. So each member has its own copy encrypted with his signed public key.
To make it possible we have files describing the project and the members, so we know:
what are their privileges over the project
what are the environments they have access to
what files are currently tracked
their blockstack ids. It’s used to retrieve their signed public key and encrypt files for them.
All these files are versioned and when a user pull we check for conflicts just like git. Most of the time, it’s ok. If it’s not, we try to merge the file automatically or ask you to do it manually if we can’t.
Yes you can. Keystone is made to handle sensitive informations like database credentials or applications tokens. Handling an access credential of a remote VM looks like another good use case.
With a Git repo, it’s straightforward:
Create a file with your credentials in a folder and add it to your .gitignore.
Initialize a new Keystone project with ks init my-project-name. Then add your file with ks add [path-to-my-file] then push ks push.
You will receive a confirmation email for each of them. You will need to set the privileges for them, just click the button in the email and follow the instructions on Keystone.sh
Each member clone the repo git clone ...
Once the repo is cloned, they just need to ks pull to get the credentials
A Git repo is not mandatory. If you don’t use one, your team will need to list their projects with ks project list and use the command ks init [projectName]
If you change your access credentials, just update your file and ks push. From now on, your teammates will only need to ks pull to get the latest version.