Michael Jaeger πŸ‡ΊπŸ‡¦Feb 9, 2025

Released version 1.1.0 of #SeekretService, a simple service written in #Rust for securely accessing #KeePass databases, e. g. from the #cli like #envrc or #direnv.

πŸ‘‰ Get it on GitHub: https://github.com/michix/seekret-service

It is now available for #Linux, #Windows and #MacOS.

I am happy about feedback!

GitHub - michix/seekret-service

Contribute to michix/seekret-service development by creating an account on GitHub.

GitHub
Show threadllogiqFeb 9, 2025
@michael_jaeger I'll certainly look into this.
Show threadllogiqFeb 11, 2025
@michael_jaeger so this makes credentials available via a TCP socket (even if only briefly). I'd worry this could be misused for exfiltration.
Show threadMichael Jaeger πŸ‡ΊπŸ‡¦
@llogiq
And so am I! This is why access is only bound to local ports and the access has to be confirmed by the user. Furthermore, you need to know exactly what you want to exfiltrate (path and name of username and secret). This way, I hope to minimize this risk nearly to the point of having an unlocked vault in a running KeePass instance. If the attacker is already in your machine, things become salty... This mechanism is basically also used by others password managers like there 1password cli.
Feb 11, 2025 at 5:33amFedilab