Keeper Security Manager application vault access. Meant to be served behind a protected API endpoint, returns records as JSON.

credcat

Bound by sacred cyphers and powered by forgotten rites; access without a path, only a destination. Your vital sigils safe, their essence known to none but their holder, sealed by the magic of pure ignorance.
Explore the docs »

Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgments

About The Project

Extends access to Keeper Secrets Manager for API retrieval in distributed or disconnected processes. Serves as a quality-of-life abstraction to diminish the scourge of hard-coded, insecurely handled credentials in our code bases.

(back to top)

Built With

  • Java

Java is like a bad relationship. It's too object-oriented

(back to top)

Getting Started

Compiling is not necessary, as release binaries are available. If you're so inclined, the sections below are for you.

Prerequisites

You're going to need a compiler; I recommend anything that is not Oracle Java. The installation process varies by OS. Additional packages such as Maven are needed to use the provided pom file.

CentOS

  • bash
    sudo dnf install java-21-openjdk java-21-openjdk-devel maven

Debian

  • bash
    sudo apt install maven openjdk-21-jdk-headless

Ubuntu

  • bash
    sudo apt install maven openjdk-21-jdk-headless

Windows

  • powershell

    winget install maven
    winget install Microsoft.OpenJDK.21
    refreshenv
    $jdk_url = "https://aka.ms/download-jdk/microsoft-jdk-21-windows-x64.msi"
    $java_home = New-Item -ItemType Directory -Path "$env:ProgramFiles\Java" -Force
    $maven_home = New-Item -ItemType Directory -Path "$env:ProgramFiles\Apache\Maven" -Force
    $maven_version = "3.9.11"
    $maven_url = "https://dlcdn.apache.org/maven/maven-3/$maven_version/binaries/apache-maven-$maven_version-bin.zip"
    Start-BitsTransfer -Destination "$env:USERPROFILE\Downloads\jdk-21.msi" -Source $jdk_url
    Start-BitsTransfer -Destination "$env:USERPROFILE\Downloads\maven.zip" -Source $maven_url
    # INSTALLDIR is double-quoted so $java_home expands; single quotes would pass the literal text
    Start-Process -Wait -FilePath msiexec -ArgumentList /i, "$env:USERPROFILE\Downloads\jdk-21.msi", "ADDLOCAL=FeatureMain,FeatureEnvironment,FeatureJarFileRunWith,FeatureJavaHome", "INSTALLDIR=`"$java_home`"", /quiet -Verb RunAs
    Expand-Archive -DestinationPath "$env:USERPROFILE\Downloads\maven" -Path "$env:USERPROFILE\Downloads\maven.zip"
    $parentDir = Get-ChildItem -Path "$env:USERPROFILE\Downloads\maven" | Select-Object -First 1
    # Use the full path: Windows PowerShell 5.1 can stringify the item to its bare name
    Move-Item -Destination $maven_home -Path "$($parentDir.FullName)\*" -Force
    [Environment]::SetEnvironmentVariable('M2_HOME', $maven_home, [System.EnvironmentVariableTarget]::User)
    [Environment]::SetEnvironmentVariable('MAVEN_HOME', $maven_home, [System.EnvironmentVariableTarget]::User)
    [Environment]::SetEnvironmentVariable('Path', "$env:PATH;$maven_home\bin", [System.EnvironmentVariableTarget]::User)
    Remove-Item "$env:USERPROFILE\Downloads\jdk-21.msi"
    Remove-Item "$env:USERPROFILE\Downloads\maven.zip"
    Remove-Item "$env:USERPROFILE\Downloads\maven" -Recurse -Force

Installation

  1. Clone the repo
    git clone https://github.com/byteskeptical/credcat.git
    cd credcat
  2. Compile binary, prepare release
    # build binary
    mvn compile
    
    # create package
    mvn install
    
    # prepare package for official release
    mvn release:prepare
  3. Run tests (optional, but required if you are making changes)
    mvn test
  4. Clean up after yourself
    mvn clean

(back to top)

Usage

You will need to generate a base64 device config for your KSM application folder or use one for an existing authorized device. The local path to this file can be passed as a means to switch between application vaults. You can pass one or more titles, record UIDs, or both to retrieve multiple records at once. Exact matches only. Any files are downloaded locally and their save location is returned in the response.

Usage: java -jar credcat.jar '{ "config": "config.base64", "titles": ["RECORD_TITLE"], "uids": ["RECORD_UID"] }'
  1. Payload can be any of the following.

    ADVANCED='{ "clientKey": "7dae669a419ee250d0fd0e12d527f5f1", "config": "config.base64", "saveLocation": "/mnt/share/keeper", "titles": ["development ldap"], "uids": ["chnmFhEC38YCHhNY1pA8Vg"] }'
    TITLE_ONLY='{ "config": "config.base64", "titles": ["Production ClickToCall API Key", "development ldap"] }'
    UID_ONLY='{ "config": "config.base64", "uids": ["7bN_ceW-p3_alVUNmI09Tw", "chnmGhEC39YCHhNy1pA8vg"] }'
  2. Whether passing title or UID, each record is returned nested under its respective UID.

    # quote the variable so the JSON reaches the JVM as a single argument
    java -cp "target/classes:target/dependency/*" com.byteskeptical.credcat.SecretsService "$ADVANCED"
    java -jar target/credcat.jar "$UID_ONLY"
    INFO: {
      "7bN_ceW-p3_alVUNmI09Tw" : {
        "notes" : null,
        "files" : [ ],
        "type" : "login",
        "title" : "development ldap",
        "fields" : {
          "password" : [ "bingbangboomdongle" ],
          "login" : [ "ldaptest" ]
        }
      },
      "chnmGhEC39YCHhNy1pA8vg" : {
        "notes" : "VALUE = x-ClickToCall-APIKey:be0d988f-063c-d654-ad1b-a54337f87233",
        "files" : [ {
          "name" : "ascii-art.txt",
          "path" : "/mnt/share/keeper-2452814181455428916/ascii-art.txt"
        }, {
          "name" : "integration.ucaas.call.metadata.PNG",
          "path" : "/mnt/share/keeper-2452814181455428916/integration.ucaas.call.metadata.PNG"
        } ],
        "type" : "login",
        "title" : "Production ClickToCall API Key",
        "fields" : {
          "password" : [ "be0d988f-063c-d654-ad1b-a54337f87233" ],
          "login" : [ "integration.ucaas.call.metadata" ],
          "fileref" : [ "3HcX3vCCvHBTBcOqCgCnsQ", "cGBiPmG_9GlZszFbsQmJea" ]
        }
      }
    }
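
A consumer-side sketch of the request and response shapes shown above, added here as an example and not part of the credcat project: it builds the payload, strips the `INFO: ` log prefix, and returns one field value without echoing any secret in error messages. The function names are hypothetical, the sample output is constructed, and searching both stdout and stderr for the log line is an assumption.

```python
import json
import subprocess

# Constructed sample in the shape of the README output; all values are made up.
SAMPLE_OUTPUT = """INFO: {
  "UID-ONE-constructed" : {
    "notes" : null, "files" : [ ], "type" : "login",
    "title" : "development ldap",
    "fields" : { "password" : [ "example-password" ], "login" : [ "ldaptest" ] }
  }
}"""

def build_payload(config, titles=(), uids=()):
    """Build the JSON argument shown under Usage; needs at least one selector."""
    if not titles and not uids:
        raise ValueError("pass at least one title or uid")
    payload = {"config": config}
    if titles:
        payload["titles"] = list(titles)
    if uids:
        payload["uids"] = list(uids)
    return json.dumps(payload)

def parse_records(output):
    """Skip the logger prefix ("INFO: ") and decode the uid -> record map."""
    start = output.find("{")
    if start < 0:
        raise ValueError("no JSON object in credcat output")
    records, _ = json.JSONDecoder().raw_decode(output[start:])
    return records

def field_by_title(records, title, field):
    """Return the one value of `field` from the one record with this exact title."""
    matches = [r for r in records.values() if r.get("title") == title]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} records titled {title!r}, expected 1")
    values = matches[0].get("fields", {}).get(field) or []
    if len(values) != 1:
        raise LookupError(f"field {field!r} holds {len(values)} values, expected 1")
    return values[0]

def fetch(jar, payload):
    """Run credcat with the payload as one argv element (no shell involved).
    Assumption: the log line may land on stdout or stderr, so both are searched."""
    proc = subprocess.run(["java", "-jar", jar, payload],
                          capture_output=True, text=True, check=True)
    return parse_records(proc.stdout + proc.stderr)
```

Because records are keyed by UID, a lookup by title has to scan the map; the exactly-one check keeps a missing or duplicated title from silently yielding the wrong credential.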

(back to top)

Roadmap

  • Handle title & uid searches
  • Retrieve more than one record in a single request
  • Handle all field types including files & notes

See the open issues for a full list of proposed features (and known issues).

(back to top)

Contributing

Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

(back to top)

License

Distributed under the project_license. See LICENSE for more information.

(back to top)

Contact

byteskeptical - @byteskeptical - [email protected]

Project Link: https://github.com/byteskeptical/credcat

(back to top)

Acknowledgments

(back to top)
