Tuesday 12 February 2019
Today we’re pleased to announce Fluidkeys v0.4 😄
As well as pasting secrets, you can now send sensitive files like SSL certificates and private keys using end-to-end encryption.
If you’re keen to get started, head to download.fluidkeys.com
In our 0.3 release we introduced sending secrets like passwords, API tokens and other credentials. These are pasted or piped into Fluidkeys.
You told us that certain types of secrets are fundamentally file-like and the filename and extension matter.
Now you can send files too:
$ fk secret send 2019-02-12-staging.pem --to email@example.com
2019-02-12-staging.pem, is sent encrypted along with the content. The person
receiving your secret sees that filename and can choose to save the file to a
downloads directory. That saves them copy and pasting the secret into an editor.
To save you copy pasting into an editor and choosing a filename, Fluidkeys offers to save file-like secrets:
$ fk secret receive ... Save to ~/Downloads/2019-02-12-staging.pem? [y/n]
tmux in split-screen mode struggle to copy multiple lines.
Fluidkeys offers to copy paste-like secrets to the clipboard:
$ fk secret receive ... Copy to clipboard? [y/n]
We’ve heard from a number of teams that it’s time consuming to set up new starters with PGP.
It takes around 2 minutes for new users to install Fluidkeys, generate a PGP key, verify your email and start sending and receiving encrypted secrets.
This release allows sending small text secrets. If you’re interested in sending binary files or other large files, we’d love to understand your use case. Get in touch with the email below.
Fluidkeys creates a new encryption subkey each month for forward secrecy. It sets a short expiry on your primary key instead of relying on revocation.
Each month your updated public key is rotated and automatically uploaded to our server to ensure it’s available for others to find.
Beware that Fluidkeys uses
gpg to store its keys. If you delete a key from
gpg, there’s no copy in Fluidkeys. We don’t modify the
we push and pull straight from your default
gpg means keys made by Fluidkeys will automatically work with anything else
gpg such as
git for signing commits.
Future releases will introduce integrations to configure 3rd-party tools like git, pass, git-crypt
In order to be able to rotate your key automatically, Fluidkeys stores the password to your private key in your system keychain. You can see these by searching for “Fluidkeys”.
We chose not to use the public keyserver network until it supports deleting keys and cryptographic validation.
If you do want to upload to the public keyservers, make sure you automate it. Because Fluidkeys automatically rotates your encryption subkey every month, your key will quickly become out of sync with the keyservers. You could add cron task to upload your key regularly:
Edit your crontab by running
crontab -e and add this line:
@daily gpg --keyserver pool.sks-keyservers.net --send-key <email address>
When you install and set up Fluidkeys, you’re asked for your email address. Once you’ve verified it, others can send you secrets. You don’t need to manually exchange public keys.
Fluidkeys automatically fetches keys based on the verified email address and encrypts the secret to the key.
We use our own server to store public keys and transmit encrypted secrets.
Our vision for Fluidkeys is bigger than sending secrets.
Fluidkeys will make PGP simple to use as a team, safely automating all the awkward configuration and key management. Then you can use all the great tools and technology that already exist and work together.
Specifically, Fluidkeys will:
git-crypt, enigmail, Mailvelope and others
And if you haven’t already, sign up for release announcements like this one!
On to business: head on over to download.fluidkeys.com to get started.
$ fk --help Fluidkeys 0.4.0 Configuration file: /home/paul/.config/fluidkeys/config.toml Log file: /home/paul/.config/fluidkeys/debug.log Usage: fk setup fk setup <email> fk secret send <recipient-email> fk secret send [<filename>] --to=<email> fk secret receive fk key create fk key from-gpg fk key list fk key maintain [--dry-run] fk key maintain automatic [--cron-output] fk key upload Options: -h --help Show this screen --dry-run Don't change anything: only output what would happen --cron-output Only print output on errors
Please have a go and let us know how you get on!
We’re excited to hear from you :)
— Paul & Ian