Keybase-cli - Keybase docker container that exposes the keybase CLI and some common commands such as getting files or loading github action secrets

Related tags

Command-line Toolskeybase-cli
Overview

keybase-cli

Docker Build

Keybase docker container that exposes the keybase CLI and some common commands such as getting files or git loading github action secrets.

GitHub: https://github.com/bjgeiser/keybase-cli
Docker Hub: https://hub.docker.com/r/bjgeiser/keybase-cli

GitHub Action

The primary purpose of this docker image is for use in this GitHub action:
https://github.com/bjgeiser/keybase-action

Usage

Example Docker Command

docker run --rm \
   -v $PWD:$PWD -w $PWD \
   -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" \
   -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli keybase --version

Environment Variables

Environment Variable Description Required
KEYBASE_USERNAME Keybase user name Yes
KEYBASE_PAPERKEY Keybase paper key Yes
KEYBASE_UID Docker host user id to store files as No
KEYBASE_GID Docker host group id to store files as No

About file permissions

By default keybase will copy files with the following permissions -rw------- and the keybase executable will not run as root. Without setting KEYBASE_UID and KEYBASE_GID copied out files will be be owned by 1000:1000. In order for your files to be readable, the calling user can pass the current user and group into the container with environment variables. The script can then dynamically create a user inside the container with the same UID:GID as the host user and files will be readable after the container exits. Using --user UID:GID will not set up a user with a home directory (required for keybase) dynamically and the container will detect this and error out.

Commands

Command syntax Description
github-action-secrets github-action-secrets keybase://path/to/file For use in github actions
to get keybase secrets
get get keybase://path/to/file {localpath} Get the file from keybase and copy to a local path
read read keybase://path/to/file Dump contents of file to stdout
clone clone {git clone options} keybase://path/to/repo {localpath} Clone a keybase git repository
batch batch "{any of the above commands},{any of the above commands}" or
batch "{any of the above commands};{any of the above commands}"		 Run more than 1 command in a single docker run
file file /path/to/file Run more than 1 command in a single docker run
keybase See: client command Run any keybase client command
{any other command aka raw} Commands that don't match the above keywords will be run as is. Such as chmod a+r filename Unmatched commands run as is

Note: {arguments} are optional.

Command: github-action-secrets

docker run --rm \
   -v $PWD:$PWD -w $PWD \
   -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" \
   -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli github-action-secrets keybase://path/to/file

This command will parse a .yaml, .json or .env file and set secrets in a github action. Each entry result in the supplied file will cause the container to emit.
::set-output name={name}::{value} reference
::add-mask::{value} reference

Note secrets loaded in using this method will be masked in with ***** in workflow logs. See: reference for more information regarding action security.

Examples

action-secrets.yaml

secret_1: this is secret 1
secret_2: this is secret 2

action-secrets.json

{
  "secret_1": "this is secret 1",
  "secret_2": "this is secret 2"
}

action-secrets.env

secret_1="this is secret 1"
secret_2="this is secret 2"
secret_3=this_is_secret_3

Using in github actions

jobs:
  example:
    runs-on: ubuntu-latest
    steps:
      - name: Get secrets
        id: keybase_secrets
        shell: bash
        run: |
          run --rm \
           -v $PWD:$PWD -w $PWD \
           -e KEYBASE_USERNAME="${{secrets.KEYBASE_USERNAME}}" \
           -e KEYBASE_PAPERKEY="${{secrets.KEYBASE_PAPERKEY}}" \
           -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
            bjgeiser/keybase-cli github-action-secrets keybase://path/to/file 
      
      - name: Check that secret is loaded and masked
        ### This should log the secret with `*****`
        run: echo "${{steps.secrets.outputs.secret_1}}"

Command: get

Copy a file to the local file system.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli get keybase://path/to/file
docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli get keybase://path/to/file keybase://path/to/file path/to/local/file

Command: read

Print files to stdout.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli read keybase://path/to/file

Command: clone

Clone a git repository.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli clone keybase://path/to/clone
docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli clone -b my_branch keybase://path/to/clone path/to/local

Command: keybase

Execute keybase cli commands.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli keybase --version

Note: Any commands that don't match one of the commands are tried as raw commands. Things such as ls -la . or keybase --version will work.

Command: raw

Execute raw commands from inside the container.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli ls -la .

Note: Any commands that don't match one of the commands are tried as raw commands. Things such as ls -la . or keybase --version will work.

Command: batch

Executes a series of commands in a , or ; separated string.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli batch "{any of the above commands},{any of the above commands}"`

Command: file

Executes a series of commands contained in a yaml file.

docker run --rm -v $PWD:$PWD -w $PWD -e KEYBASE_USERNAME="$KEYBASE_USER" \
   -e KEYBASE_PAPERKEY="$KEYBASE_PAPERKEY" -e KEYBASE_UID=$UID -e KEYBASE_GID=$GID \
   bjgeiser/keybase-cli file keybase://path/to/command_file.yaml

command_file.yaml

commands:
  - get keybase://path/to/file
  - get keybase://path/to/file2
  - get keybase://path/to/file3
  - clone keybase://path/to/clone
  - github-action-secrets keybase://path/to/file
  # modify file downloaded above
  - chmod a+rw file3
Owner
Bryce Geiser
Bryce Geiser
GitHub Repository
A simple cli tool to commit Conventional Commits

convmoji A simple cli tool to commit Conventional Commits. Requirements Install pip install convmoji convmoji --help Examples A conventianal commit co

3 Jul 04, 2022
CLI tool to fix linked references for dates.

Fix Logseq dates This is a CLI tool to fix the date references following a change in date format since the current version (0.4.4) of Logseq does not

Isaac Dadzie 5 May 18, 2022
CPOST is a CLI tool to assist with the proper sizing of Clara Deploy pipelines

CPOST (Clara Pipeline Operator Sizing Tool) Tool to measure resource usage of Clara Platform pipeline operators Cpost is a tool that will help you run

NVIDIA Corporation 5 Sep 27, 2021
A command line tool to query source code from your current Python env

wxc wxc (pronounced "which") allows you to inspect source code in your Python environment from the command line. It is based on the inspect module fro

Clément Robert 13 Nov 08, 2022
A simple reverse shell in python

RevShell A simple reverse shell in python Getting started First, start the server python server.py Finally, start the client (victim) python client.py

Lojacopsen 4 Apr 06, 2022
Convert shellcode generated using pe_2_shellcode to cdb format.

pe2shc-to-cdb This tool will convert shellcode generated using pe_to_shellcode to cdb format. Cdb.exe is a LOLBIN which can help evade detection & app

mrd0x 75 Jan 05, 2023
A user-friendly python CLI for Fmask 4.3 software (GERS Lab, UCONN).

pyFmask What is pyFmask pyFmask is a user-friendly python CLI for Fmask 4.3 software (GERS Lab, UCONN; https://github.com/GERSL/Fmask). Fmask (Zhu et

1 Jan 05, 2022
Present - A terminal-based presentation tool with colors and effects.

present A terminal-based presentation tool with colors and effects. You can also play a codio (pre-recorded code block) on a slide. present is built o

Vinayak Mehta 4.2k Jan 03, 2023
A command-line tool to upload local files and pastebin pastes to your mega account, without signing in anywhere

A command-line tool to upload local files and pastebin pastes to your mega account, without signing in anywhere

ADI 4 Nov 17, 2022
This is a CLI program which can help you generate your own QR Code.

Python-QR-code-generator This is a CLI program which can help you generate your own QR Code. Single.py This will allow you only to input a single mess

1 Dec 24, 2021
Simple command-line implementation of minesweeper

minesweeper This is a Python implementation of 2-D Minesweeper! Check out the tutorial here: https://youtu.be/Fjw7Lc9zlyU You start a game by running

Kylie 49 Dec 10, 2022
🖥️ A cross-platform modern shell.

Ergonomica WARNING: master on this repository is not the same as a stable release! Currently, this software is purely experimental, as I am cleaning i

813 Dec 27, 2022
Baseline is a cross-platform library and command-line utility that creates file-oriented baselines of your systems.

Baselining, on steroids! Baseline is a cross-platform library and command-line utility that creates file-oriented baselines of your systems. The proje

Nelson 4 Dec 09, 2022
pypinfo is a simple CLI to access PyPI download statistics via Google's BigQuery.

pypinfo: View PyPI download statistics with ease. pypinfo is a simple CLI to access PyPI download statistics via Google's BigQuery. Installation pypin

Ofek Lev 351 Dec 26, 2022
This is a Command Line program to interact with your NFTs, Cryptocurrencies etc

This is a Command Line program to interact with your NFTs, Cryptocurrencies etc. via the ThirdWeb Platform. This is just a fun little project that I made to be able to connect to blockchains and Web3

Arpan Pandey 5 Oct 02, 2022
This is a tool for managing file notes through the command line

This is a tool for managing file notes through the command line

2 Jun 22, 2022
PipeCat - A command line Youtube music player written in python.

A command line Youtube music player written in python. It's an app written for Linux. It also supports offline playlists that are stored in a

34 Nov 27, 2022
Display Images in your terminal with python

A python library to display images in the terminal

Pranav Baburaj 57 Dec 30, 2022
argofloats: Simple CLI for ArgoVis and Argofloats

argofloats: Simple CLI for ArgoVis and Argofloats Argo is an international program that collects information from inside the ocean using a fleet of ro

Samapriya Roy 2 Feb 13, 2022
Rover is a command line interface application that allows through browse through mission data, images, metadata from the NASA Official Website

🤖 rover Rover is a command line interface application that allows through browse through mission data, images, metadata from the NASA Official Websit

Saketha Ramanjam 4 Jan 19, 2022