Essential Gradle plugin for managing project secrets with KeePass format. Format IO is provided by ⭐️ kotpass libary. Encrypted databases could be stored on desktop, pendrive or remote repository which simplifies collaboration between developers. Plugin can retrieve secrets/binaries which could be referenced in build scripts.
Using the plugins DSL:
plugins {
id("io.github.anvell.keepass.gradle.plugin") version "0.3.0"
}Check Gradle plugins portal.
Define path to KeePass database file along with password and/or keyfile.
gradleKeePass {
sourceFile.set(File(project.rootDir, "assets/test.kdbx"))
keyfile.set(File(property("myproject.secrets.keyfile").toString()))
password.set(property("myproject.secrets.password").toString())
}Secrets are retrieved from entry fields. Specific entry can be located by title:
val secret = gradleKeePass.fromEntry(
title = "One",
field = BasicField.Password()
)or by custom predicate:
val secret = gradleKeePass.fromEntry(
predicate = { fields.url?.content == "https://github.com" },
field = "Some"
)Attached files are placed under parentDir. File name is based on content hash and re-checked every time function is invoked:
val sampleFile = gradleKeePass.entryBinary(
title = "Two",
parentDir = File(project.buildDir, "binaries"),
binaryName = "sample.txt"
)- Supports newest KeePass format versions up to 4.1.
- AES256/ChaCha20 encryption with Argon2/AES KDF.
- Easily organise secrets in groups/entries and edit with any KeePass client of choise.
- Safely store sensitive files and retrieve when needed.
- Simplify collaboration by avoiding bloated gradle properties files.
Feel free to open a issue or submit a pull request for any bugs/improvements.
This project uses Kotlin gradle plugin template.