Secstore authenticates to the server using a password and optionally a hardware token, then saves or retrieves a file. It is intended to be a credentials store (public/private keypairs, passwords, and other secrets) for a factotum.
-p stores a file on the secstore.
-g retrieves a file to the local directory; -G writes it to standard output instead. A getfile of . sends to standard output a list of the remote files with their dates, lengths and SHA1 hashes.
-r removes a file from the secstore.
-c prompts for a password change.
-v produces more verbose output, in particular providing a few bits of feedback to help the user detect mistyping.
-i says that the password should be read from standard input instead of from
-n says that the password should be read from NVRAM instead of from
The server is
tcp!$auth!secstore, or the server specified by option
For example, to add a secret to the file read by
% cd somewhere-private
% auth/secstore -g factotum
% echo key proto=apop dom=x.com user=ehg !password=hi >> factotum
% auth/secstore -p factotum
% cat factotum | 9p write -l factotum/ctl
and delete the window.
The middle commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
The ipso command packages this sequence into a convenient script to simplify editing of files stored on a secure store. It copies the named files into a private directory, plumbs them to the editor, and waits for a line on the console. Once a line is typed, signifying that editing is complete, ipso prompts the user to confirm copying modified or newly created files back to secstore. If no file is mentioned, ipso grabs all the user's files from secstore for editing.
By default, ipso will edit the secstore files and, if one of them is named factotum, flush the current keys from factotum and load the new ones from the file.
-l options are given, ipso will perform only the requested operations, i.e., edit, flush, and/or load.
-a option of
ipso provides a similar service for files encrypted by
(q.v.). With the
-a option, the full rooted pathname of the
file must be specified and all
files must be encrypted with the same key.
-a, newly created files are ignored.
Aescbc encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
There is deliberately no backup of files on the secstore, so
-r (or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
ipso, secrets will appear as plain text in the editor window,
so use the command in private.
Establishing a private directory in which to store the secret files is difficult on Unix. On most systems, ipso creates a mode 700 directory /tmp/ipso.user and works there. On Linux systems, ipso looks for a tmpfs file system; if it exists, ipso creates the ipso.user directory in its root.
Ipso should zero the secret files before removing them.
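The private-directory rules above, plus the zero-before-remove step that ipso is noted as lacking, written out as an added shell example (this is not ipso's own script; the function names are this example's own, and the ownership and symlink checks are extra hardening not described on the page):

```sh
#!/bin/sh
# Added example, not ipso's own code: a private working directory and a
# zero-before-remove cleanup following the rules above (mode 700 directory
# named ipso.<user>, under a tmpfs mount on Linux when one is writable,
# otherwise under /tmp). Function names are this example's own.

# Print the first writable tmpfs mount point on Linux; print nothing elsewhere.
find_tmpfs() {
    [ "$(uname -s)" = Linux ] && [ -r /proc/mounts ] || return 0
    awk '$3 == "tmpfs" { print $2 }' /proc/mounts |
    while read -r mnt; do
        [ -d "$mnt" ] && [ -w "$mnt" ] && { printf '%s\n' "$mnt"; break; }
    done
}

# Create the private directory and print its path. An optional first
# argument overrides the base directory (handy for exercising it in a sandbox).
ipso_private_dir() {
    base=${1:-$(find_tmpfs)}
    [ -n "$base" ] || base=/tmp
    user=${USER:-$(id -un)}
    dir="$base/ipso.$user"
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        # Refuse a symlink or a directory owned by someone else: another
        # user could otherwise plant it and read the secrets written there.
        [ ! -L "$dir" ] && [ -d "$dir" ] || return 1
        [ "$(ls -ld "$dir" | awk '{print $3}')" = "$user" ] || return 1
    else
        (umask 077 && mkdir "$dir") || return 1
    fi
    chmod 700 "$dir" && printf '%s\n' "$dir"
}

# Overwrite a file with zeros in place (no truncation, so the same blocks are
# rewritten where the filesystem allows; copy-on-write or journaling
# filesystems may still keep old copies, which is one reason tmpfs is preferred).
zero_file() {
    f=$1
    [ -f "$f" ] || return 1
    size=$(( $(wc -c < "$f") ))
    [ "$size" -gt 0 ] || return 0
    dd if=/dev/zero of="$f" bs="$size" count=1 conv=notrunc 2>/dev/null
}

# Zero a secret file, flush it to the device, then unlink it.
zero_and_remove() {
    zero_file "$1" && sync && rm -f "$1"
}
```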