Secstore authenticates to a secure–store server using a password
and optionally a hardware token, then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
Option –c prompts for a password change.
Option –g retrieves a file to the local directory; option –G writes
it to standard output instead. Specifying getfile of . will send
to standard output a list of remote files with dates, lengths
and SHA1 hashes.
Option –i says that the password should be read from standard input
instead of from /dev/cons.
Option –n says that the password should be read from NVRAM (see
authsrv(2)) instead of from /dev/cons.
Option –p stores a file on the secstore.
Option –r removes a file from the secstore.
The server is tcp!$auth!secstore, or the server specified by option
Option –u access the secure–store files belonging to user.
Option –v produces more verbose output, in particular providing
a few bits of feedback to help the user detect mistyping.
For example, to add a secret to the file read by factotum(4) at
startup, open a new window, type
and delete the window. The first line creates an ephemeral memory–resident
workspace, invisible to others and automatically removed when
the window is deleted. The next three commands fetch the persistent
copy of the secrets, append a new secret, and save the updated
file back to secstore. The final command
loads the new secret into the running factotum.
The ipso command packages this sequence into a convenient script
to simplify editing of files stored on a secure store. It copies
the named files into a local ramfs(4) and invokes acme(1) on them.
When the editor exits, ipso prompts the user to confirm copying
modifed or newly created files back to secstore. If no file
is mentioned, ipso grabs all the user's files from secstore for
By default, ipso will edit the secstore files and, if one of them
is named factotum, flush current keys from factotum and load the
new ones from the file. If the –e, –f, or –l options are given, ipso
will just perform only the requested operations, i.e., edit, flush,
The –s option of ipso invokes sam(1) as the editor insted of acme;
the –a option provides a similar service for files encrypted by
aescbc (q.v.). With the –a option, the full rooted pathname of
the file must be specified and all files must be encrypted with
the same key. Also with –a, newly created files are ignored.
Aescbc encrypts (under –e) and decrypts (under –d) using AES (Rijndael)
in cipher block chaining (CBC) mode. Options i and n are as per
secstore, except that i reads from file descriptor 3.
% ramfs –p; cd /tmp|
% auth/secstore –g factotum
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore –p factotum
% read –m factotum > /mnt/factotum/ctl