Question 1

How to encrypt a secret for multiple users with ssh-vault?

Accepted Answer

You can specify multiple -u flags for GitHub usernames or provide a file with public keys, but each recipient must have their public key available, and any private key holder can decrypt the secret.

Question 2

ssh-vault vs gpg for secret sharing?

Accepted Answer

ssh-vault uses SSH keys, ideal for developers already managing SSH access, while gpg relies on PGP keys with a broader ecosystem but steeper learning curve. Choose ssh-vault for simplicity and SSH integration.

Question 3

Can I use ssh-vault in a Docker container securely?

Accepted Answer

Yes, by installing the binary via Cargo or a package manager and mounting SSH keys as volumes, but ensure private keys are kept secure and not exposed in the image layers.

Question 4

How to revoke access for a user in ssh-vault?

Accepted Answer

You must re-encrypt the vault without the user's public key, as there's no built-in revocation; this requires manual management and redistributing the new encrypted file.

Question 5

Is ssh-vault suitable for encrypting large files?

Accepted Answer

It's designed for small secrets like passwords or API keys; for large files, performance may degrade, and it's better to use dedicated tools like age or symmetric encryption with SSH keys for key exchange.

ssh-vault

What is ssh-vault?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions