
Show HN: Secs-man, a secrets manager you can (not) rely on

Why This Matters

Secs-man emphasizes the importance of software independence in managing sensitive secrets, ensuring that backups remain accessible even if the tool itself becomes unavailable. This approach promotes long-term data security by relying on standard tools and manual recovery methods, reducing dependency on proprietary or ecosystem-specific solutions. For the tech industry and consumers, it highlights a shift towards more resilient, transparent, and future-proof data management practices.

Key Takeaways

secs-man is a tool for managing backups of secrets with tool-independence in mind: if you encrypt your secrets with this software, you should be able to decrypt and restore them without this software. Even if secs-man disappears from the face of the Earth, your data is still accessible.

secs-man can be used to manage secrets of local and remote machines, and is ideal for creating local-only backups for data that is too sensitive to be backed up somewhere in the cloud.

Philosophy

The theory

You should not depend on any specific software for backing up your extremely important data.

Any software that forces you to remain in its ecosystem after use (such as: "if you encrypt it with this software, you can only decrypt it with this software") makes you dependent on it.

Hence, the encryption, decryption and restore of your important data should be decoupled: that is, if you encrypted it with software X, you should still be able to decrypt it without software X.

The practice

In practice, you cannot create a setup where your secrets are 100% safe from data loss. Even if your software X is compatible with Y, Z and W, you'll still lose access to your data if X, Y, Z and W all stop working at the same time.

What you do in practice is make sure to be dependent only on technologies that are "standards" or close to it. I'm OK with being dependent on the existence of bash interpreters, USB ports and Linux machines.
