►
From YouTube: Rust Cologne: An introduction to 'Share Secrets Safely'
Description
‘Share Secrets Safely’ scratches a particular itch as it provides the tooling required to use GPG in teams with great user experience, while providing all tooling necessary to introduce said shared secrets into their final destination without them ever touching disk. I will particularly highlight the way the project is structured, and tested, showing that ‘journey’ level testing is now affordable thanks to Rust.
Sebastian Thiel
A
Yeah
hi
and
welcome
my
name
is
Sebastian
and
today
I'm,
giving
you
a
tour
of
share
secret
safely
on
the
Beamer
or
on
screen
for
those
who
watched
us
on
YouTube
on
the
rust
channel
hint
hint.
They
see
it
on
screen.
The
repository
here,
which
claims
the
chair
secret
safely,
is
there
to
allow
teams
to
avoid
avoid
plaintext
secrets
from
day
one,
and
you
are
probably
saying
I,
never
have
plaintext
secrets
in
my
projects.
I
never
have
clear
text
secrets
credentials
to
my
production
database
in
code.
A
Never
so
this
is
not
for
you
turn
it
off
save
your
time.
We
don't
need
this,
but
maybe
you
do
because
maybe
you've
been
using
GPG
before
or
go
pass
or
any
of
these
GPG
ish
thingies,
and
maybe
you
also
didn't
like
it
very
much
because
of
the
user
interface
for
the
command
line,
interface,
feeling
a
bit
old
feeling
a
bit
1980s
1990s.
It
does
work.
But
if
you're
not
an
expert,
it's
a
little
hard
to
understand
what
the
heck
it
is
talking
about
when
it
says
unusable
public
key.
What
which
public
key?
A
What
is
going
on-
and
this
is
what
chair
secret
safely-
tries
to
do
much
better
share
secret
safely,
will
allow
you
and
your
team
to
well
store
and
encrypt
your
secrets
using
GPG,
but
have
a
front,
and
that
is
totally
2017
so
freely
new
and
here's
how
I,
how
I
did
it
motivation
was,
of
course,
that
I've
seen
many
teams
and
I
still
do
see.
Many
teams
who
have
plaintext
secrets
and
I
spend
a
lot
of
my
time
to
make
that
better,
and
this
is
a
culmination
of
all
of
these
experiences.
A
It's
the
best
I
have
to
give
to
society
to
make
it
easy
to
bring
your
secrets
from
the
encrypted
form
to
the
final
destination.
Without
them
ever
touching,
discs
or
you
know,
can
be
without
ever
them
being
intercepted
by
third
parties.
How
does
it
work?
Yeah?
Of
course
it's
a
rest
meet
up.
So
a
lot
of
us
here
as
you
can
it's
like
totally
60%
of
rust.
A
Apparently
the
70s
strike
back
a
lot
of
shell
scripting
here,
36%
I
will
show
you
why
that
is
and
I
think
I
will
start
with
the
idea
of
share
secret
safely
like
how
do
I
develop
that
software
and
to
me
it
was
most
important
because
I
said
usability
is
so
important
to
me
that
I
said
I
do
not
want
to
write
anything
that
I
do
not
test
myself.
That
I
cannot
wear,
cannot
verify
that
the
usability
is
nice
for
me,
as
a
user
and
for
everybody.
A
Therefore,
I
spend
some
time
thinking
about
testing
before
I
even
started
writing
a
single
line
of
code.
You
can
test
with
with
Russ
cargo
test,
and
you
run
your
test.
That's
easy
unit
test
kind
of
thingies.
You
can
also
test
command
line
interfaces
these
days
with
something
that's
called
assert
seal,
I,
I,
don't
know
there
might
be
somebody
in
the
room
who
knows
more
about
it.
A
A
So
this
is
when
you
run
the
tests
here
and
as
you
can
see,
you
can
say,
with
a
single
GPG
user
when
initializing
the
vault,
with
a
resource
directory
with
no
explicit
recipients
file
it
succeeds,
and
here
and
there
you
can
make
your
expectations
readable
for
the
world
and
when
you
write
this,
it's
a
rest,
Meetup
and
I'm,
showing
the
shell.
It's
kind
of
odd
I
know,
but
it's
one
of
the
best
points
about
the
project
that
when
you're
implementing
the
feature
what
you
do,
is
you
basically
use
this
little
DSL?
It's
just
shell.
A
It's
just
bash,
but
it's
really
easy
to
read.
Sandbox
something
have
a
title
with
and
when
set
up
your
state
and
in
the
end
you
do
your
expectations,
lots
of
snapshot,
testing
I
do
here
just
because
snapshots
are
so
easy
to
use.
First
run,
it
creates
a
snapshot.
Second
run.
It
compares
the
snapshot
that
you
already
have
with
the
actual
program.
Output
allows
me
to
set
my
expectations
right
away,
because
I
really
just
write
the
file
I
say
here.
A
This
is
how
it
should
look
like
more
or
less
and
then
I'm
sad,
the
implementation
and
then
eventually,
when
it
looks
like
it
it's
cool
and
whenever,
when
I
break
it,
which
also
happens
from
time
to
time,
you
know
any
character.
Change
will
immediately
trigger
a
test
failure.
These
tests,
they
run
like
this
I
differentiate
between
stateless
journey
tests
and
those
that
run
in
daca
the
stateless
ones.
They
run
like
that,
yeah
yeah.
It's
really
fast
to
write.
A
It
probably
calls
the
the
rest
command
a
few
hundred
times,
and
these
two
seconds
that
you
have
seen
the
the
text
running
over
the
screen.
It's
so
fast
that
you
can
now
afford
journey
tests,
tests
that
actually
represent
the
user
value
in
every
detail
that
you
can
run
them
exclusively.
I
do
have
like
20
unit
tests
where
it
made
sense
and
everything
else
is
journey
tests.
A
So
here
once
again,
the
reason
why
I
want
to
do
this
is
because
it
actually
captures
a
value
that
I
bring
to
the
user,
and
it
allows
me
as
a
developer,
to
use
my
tool
and
to
see
how
it
feels
I
play
around
with
this
until
I
like
it
then
I
implement
it.
Maybe
I
change
it
again,
but
I
change
it
on
a
very
high
level,
which
is
what
the
user
in
the
end
will
see.
A
Yes,
I
know
that
all
the
happy
path
and
all
the
unhappy
path
that
I
could
think
of
a
captured,
so
that
I
say
yes.
This
is
what
I
would
want
to
see
as
an
error
output,
for
example,
when
certain
common
issues
with
GPG
happen.
Second
thing:
why
Russ,
because
right
now,
I,
don't
really
have
an
you
know:
I
could
have
done
it
in
C
and
that's
true.
I
could
have
done
it
in
C.
No,
not
really
I
could
not
have
done
it
and
say
I'm,
not
good
enough.
A
I'm
not
good
enough,
but
rust
allows
us
to
do
all
these
things
without
being
being
godlike
creatures,
and
the
library
called
GPG
me
is
what
I
use
to
make
direct
use
of
GPG.
So
tools
like
pass
passed,
others
HD
units,
UNIX
password
manager
and
go
pass
another
hook.
They
call
GPG
the
command-line
tool.
It's
nice.
It's
working,
however,
GPG
the
command-line
tool
easily
between
the
minor
releases
or
petrol
ease
whatever
that
is
for
them
change
the
way
they
interpret
certain
arguments,
and
they
might
just
you
know
your
argument
that
you
used
so
far.
A
A
That
probably
itself
is
really
hard
to
use,
but
with
rust
it
becomes
easy
to
use
fantastic
I,
don't
have
problems
with
resource
allocation
and
de-allocation
I
mean
have
you
ever
tried
to
use
the
C
library
if
in
its
stuff,
you
have
to
make
calls
on
the
right
order
and
totally
not
forget
anything,
because
if
you
do
you
SEC
fall
things,
you
have
undefined
behavior
that
doesn't
happen
in
rust.
I
can't
do
it
wrong.
It's
so
easy
to
use
these
libraries,
which
gives
me
a
stable
interface
that
I
can
rely
on
that
way.
A
I
can
understand
what
kind
of
error
GPG
me
communicates
to
me
and
I
wrap
this
and
something
that
is
easier
to
understand
for
the
ordinary
user,
who
just
wants
to
do
some
crypto
to
get
rid
of
to
get
rid
of
plaintext
secrets
in
there
and
that
code
base.
The
next
thing
that
was
incredibly
important
to
me,
as
usability
is
so
important
to
me,
is
documentation
because
having
a
great
self
document,
a
tool
which
is
Sai
here
by
the
way.
A
First
time
I
showed
us
use,
clap,
of
course,
having
a
nicely
documented
tool
with
clap
is
really
easy.
That
is
not
necessarily
what
people
want
to
use
to
get
started
with
the
tool
and
also
you
know,
there's
certain
complexity
associated
with
it.
Certain
ideas
that
you
want
to
wrap
your
head
around
that
you
have
to
write
more
about
then
in
self
documenting
help.
So
what
this
thing
does
at
first,
you
to
that
self
hosted
documentation,
which
is
so
some
of
you
might
already
know,
notice
one
its
MD
book.
A
That
is
not
really
AM
D
book,
because
if
you
look,
for
instance,
at
the
installation
instructions
here,
you
will
see
a
lot
of
code
like
some
curling
here,
some
GPG
verification,
because
you
know
I
provide
signatures
with
my
binaries
so
that
you
can
verify
that
I
created
them
and
you
can
hopefully
trust
them
because
it
trust
me.
You
do
trust
me
right.
We
know
each
other,
but
this
code
here,
there's
so
much
stuff
happening
and
it
can
be
so
wrong.
A
So
what
I
do
is
what
I
did
to
make
that
possible
is
I,
wrote
a
little
wrapper
around
MD
book,
which
does
not
yet
support
the
kind
of
plugins
that
I
would
have
needed
and
call
it
term
book.
Md
book
became
term
book
and
term
Brooke
allows
you
to
add
certain
annotations
in
your
markdown
that
will
tell
term
book
to
execute
the
code
block
below
and
to
possibly
capture
the
output
of
the
program
and
put
it
right
after
so
the
documentation
that
you
see
here.
It's
asserting
itself,
it's
test
the
documentation.
A
So
I
not
only
say
I
want
to
capture
this
output
here
and
want
to
run
this
and
capture
the
output.
I
also
say
this
should
be
successful
and
if
something
in
there
breaks
this
is
why
you
see
curl
fail
something
in
there
breaks,
then
my
documentation
will
not
build
and
my
entire
build
on
CI
will
fail.
Yes,
I
do
have
CI
a
CD,
of
course,
I.
A
Don't
think
that
that
is
a
question
here,
but
this
is
how
the
documentation
is
guaranteed
to
never
be
stale
and
this
how
it's
actually
fun
to
write
this
I
do
not
execute
everything,
obviously,
but
most
of
the
things
I
execute,
because
I'm
kind
of
documentation
for
the
most
part.
You
just
see
me
literally
executing
side
Walt
in
a
help
and
capturing
the
output,
and
that's
it
so
documentation
is
still
something
I
I
should
have.
It
should
write
a
bit
more.
A
If
you
have
ever
used
some
crypto
tool
for
your
program
for
your
deployments
whatsoever,
you
know
that
it
doesn't
start
or
it
doesn't
end
with
the
with
getting
encrypted.
Passwords
right,
doesn't
end
there
at
all,
because
nice
that
you
have
have
them
encrypted
in
your
in
your
repository.
But
how
do
you
process
them?
A
You
have
to
take
if
to
decrypt
them
at
some
point
and
somehow
bring
the
decrypted
value
to
where
it
belongs
somewhere
in
your
program
somewhere
in
the
environment
of
your
program
that
is
deployed
in
some
Cuban
either
somewhere
in
some
cloud
somewhere
and
that's
usually
when
the
next
great
issue
happens,
that
I've
seen
in
many
teams.
They
start
writing
their
own
templating
engines
in
bash,
they
roll
their
own
and
so
many
versions
of
it.
The
fuse
people
find
end
subs,
which
is
a
very
nice
tool
that
does
like
everything
that
usually
wants
many.
A
You
said,
and
fancy
loops
and
lots
of
I've
seen
a
lot
and
I
didn't
like
any
of
this,
because,
yes,
you
don't
want
a
templating
engine
and
some
processor,
and
you
want
to
build
your
model
that
contains
all
the
values,
the
secret
values
and
not-so-secret
values
and
anyone
substitute
them
in
to
some
file.
Some
configuration
some
manifest
whatever
you
call
it
that,
in
the
end,
defines
how
I
deploy
the
application
so
share
secret
safely
doesn't
end
with
the
crypto.
A
A
The
basic
idea
is
that
you
first
build
a
model
model
is
just
a
tree.
You
know
so
structured
data,
some
a
bunch
of
properties
in
some
tree
like
structure
that
define
something
that
you're
interested
in
in
this
particular
example.
What
we
do
is
we
merge
some
infrastructure
secrets,
some
information
about
our
team
and
some
information
about
our
current
stage
in
our
stages,
general
conservative
pre-production
stage
of
production
stage.
A
That,
for
in
this
case,
declare
for
instance,
declare
your
cube.
Anita's
manifests,
which
are
also
just
structured
files,
and
we
substitute
these
in
here
and
out
comes
the
bunch
of
separated
files.
Sorry,
a
bunch
of
Jeff
separated,
Yunel
documents
that
go
to
a
CD
out
and
are
then
just
applied
directly
by
kubernetes,
which
reads
that
from
standard
input,
this
data
stream
here
is
completely
held
in
memory,
never
touches
disk
and
contains
your
secret
safely.
What
you
also
see
here
is
some
letter
special
syntax,
which
allows
you
to
run
a
program.
A
Take
the
output
of
the
program
put
it
into
a
named
pipe
that
is
temporary
and
feed
the
path
to
the
name
pipe
to
a
program
that
just
wants
to
read
files.
So
in
case
of
cuban
eaters,
for
example,
you
can
provide
it
with
the
custom
configuration
that
allows
it
to
get
all
the
secrets
that
it
needs
to
access
the
cluster
and
whatever
you
want
to
whatever
system
you
want
to
deploy
to,
and
it
reads
this
information
from
a
file
that
is
literally
just
a
temporary
that
you
decrypt
on
the
fly,
and
this
is
the
idea.
A
This
is
the
tooling
that
is
provided
by
share
secret
safely
and
just
to
give
you
this
little
hint
about
it.
There
is
the
processing,
the
data
processing,
it's
all
about
merging
your
model,
about
merging
multiple
files
together,
manipulating
your
files
to
get
the
model
that
you
want
to
use
for
the
substitution.
A
The
substitution
is
the
thing
that
uses
some
data
in
your
model
takes
some
one
or
more
documents
that
contain
these
handlebars
that
you
know
from
yeah
mustache
handlebars
from
all
the
templating
engines,
and
these
handlebars
are
then
substituted
by
the
values
that
are
in
that
model
that
you've
just
built
on
the
fly
and
out
comes
the
the
final
substituted
files
that
you
can
feed
into
another
program.
That
will
then
make
your
deployment
or
do
the
last
step.
That
brings
your
program
to
production.
A
This
is
all
that
share.
Secret
safely
does
for
you
and
of
course,
you
know
that
the
last
step
you
would
ask
okay,
how
do
I
use
it?
How
do
I
get
it?
How
do
I
install
it?
How
do
I
get
started
with
it?
Okay,
you
can
brew
it.
Those
of
you
who
are
on
on
Mac.
You
can
brew
things
and
I
think
in
the
installation
guide.
This
was
right
up
front
here.
A
A
It's
a
tiny
repository,
it's
really
just
a
bunch
of
scripts,
and
now
we
can
just
execute
Sai
directly
and
the
first
time
you
execute
this.
It
will
download
the
binary
for
your
particular
platform
and
then
then
you
have
it
there
locally,
as
you
can
see
now
here
in
Darwin,
there's
the
actual
binaries
that
do
all
the
work,
and
here
the
Sai
binary
the
sheezy
binary.
In
short,
by
the
way,
there's
chef
secret
safety
is
abbreviated
to
that's
the
main
hub
kind
of
binary.
A
A
We
need
a
lot
of
time
that
is
share
secret
safely
and
nutshell.
I
could,
if
you
had
more
time,
I
would,
of
course
show
you
how
that
is
actually
used,
how
you
build
a
model
from
partially
encrypted
data
from
partially
world
readable
data,
like
your
team
information,
team
name
and
so
on.
A
project
data
build
your
model,
substitute
that
into
a
cube,
Anita's
manifest
and
deploy
that
to
a
locally
running
kubernetes
cluster
I've
done
that
demo
elsewhere.
A
Here
your
focus
focusing
on
the
high-level
to
show
you
what
share
secret
safely
is
why
it's
there,
the
kind
of
quality
you
can
expect
from
it?
How
you
get
started
and
I
hope
that
you
know,
gives
you
enough
motivation
to
have
a
further
look
and,
of
course,
to
be
the
one
who
gives
me
the
fiftieth
star,
I'm
github.
That
would
be
awesome
thanks
a
lot
and
hope
you
enjoyed
the
presentation.
A
For
the
questions,
oh,
you
don't
accept
like
what
would
you
want
to
see
from
a
computer
question
was
what
would
be
the
next
steps,
and
what
would
you
like
to
see
from
a
contributor
I
actually
do
have
a
road
map,
and
the
road
map
basically
says
write
more
documentation
because
I
think
that
is
not
severely
missing,
but
it
would
be
better
to
have
a
bit
more.
That's
the
only
reason:
I'm
not
posting
this
on
reddit
every
day,
because
I
really
want
to
but
I
kind
of
lack
the
motivation
contributors.
A
If
you
want
to
write
a
tutorial
or
blog
post
I,
think
that
would
be
much
appreciated.
You
can
also
write
the
markdown.
You
know
it's
easy
to
write
that
in
markdown
and
run
turn
book
on
it
and
contribute
some
ducks
that
are
useful
for
you
or
usable
by
you.
That
is
even
better
because,
to
my
mind,
it's
feature
complete
we're
using
this
I
use
this
everywhere,
where
there's
a
need
for
this
kind
of
tooling
and
usually
there's
always
a
need
for
this
kind
of
tooling
does
white
is
what
it
is.