Deneblab.StashLock.Cli 0.1.23

Deneblab.StashLock.Cli

Command-line interface for StashLock secrets management vault. Manage encrypted secrets, create vaults, and interact with StashLock server from the command line.

Features

• Secrets Publishing: Publish secrets to StashLock vault with encryption
• Bitwarden Integration: Sync and publish from Bitwarden vaults
• Encrypted Storage: AES-256 encryption for all secrets
• Version Management: Track and manage secret versions
• Global Tool: Install once, use anywhere

Installation

Install as a global .NET tool:

dotnet tool install -g Deneblab.StashLock.Cli

Update to the latest version:

dotnet tool update -g Deneblab.StashLock.Cli

Quick Start

Basic Usage

# Show help
stashlock --help

# Show publish command help
stashlock publish --help

Publish Secrets

Publish secrets from a JSON file to StashLock vault:

stashlock publish -f secrets.json

Publish with Bitwarden sync:

stashlock publish -f secrets.json --make-sync

Commands

publish

Publishes secrets to StashLock vault.

Options:

• -f, --file <string> (Required) - Path to secrets JSON file
• -s, --make-sync (Optional) - Sync with Bitwarden online store before publishing

Example:

stashlock publish -f my-secrets.json
stashlock publish -f secrets.json --make-sync

Secrets File Format

Create a secrets.json file with your vault configuration:

{
  "Name": "myapp",
  "MainPassword": "your-secure-password",
  "ApiUrl": "https://vault.example.com/api/",
  "ApiKey": "your-api-key",
  "Version": "v1",
  "OtherValues": {
    "Database:ConnectionString": "Server=localhost;Database=myapp",
    "Database:Password": "db-password",
    "ApiKeys:External": "external-api-key",
    "Features:EnableNewUI": "true"
  }
}

Configuration Fields:

• Name - Vault box name (e.g., myapp, production)
• MainPassword - Master password for encryption
• ApiUrl - StashLock server API endpoint
• ApiKey - API key for authentication
• Version - Version identifier (e.g., v1, v2, 2024-01)
• OtherValues - Dictionary of secret key-value pairs

Environment Variables

Security Best Practices

1. Never commit secrets files - Add secrets.json to .gitignore
2. Use strong passwords - MainPassword should be complex and unique
3. Rotate secrets regularly - Update passwords and API keys periodically
4. Secure API keys - Store API keys in environment variables when possible
5. Version your secrets - Use the Version field to track changes

Integration with Bitwarden

StashLock CLI can sync with Bitwarden vaults using the --make-sync flag. This requires:

1. Bitwarden CLI installed and configured
2. Active Bitwarden session
3. Proper vault access permissions

Troubleshooting

Tool not found after installation:

# Ensure .NET tools directory is in PATH
# On Windows: %USERPROFILE%\.dotnet\tools
# On Linux/macOS: ~/.dotnet/tools

Permission errors:

# Check API key and URL are correct
# Verify network connectivity to StashLock server

Encryption errors:

# Verify MainPassword is correct
# Ensure secret values are valid UTF-8 strings

Uninstall

Remove the global tool:

dotnet tool uninstall -g Deneblab.StashLock.Cli

License

MIT License - see LICENSE file for details

Repository

https://github.com/deneblab/stashlock

Support

For issues and questions, please visit: https://github.com/deneblab/stashlock/issues