Coffer is multi-backend password store with multiple frontends. It reaches out to Vault, pass and others to store your most precious secrets.
The CLI is built from a multitude of commands, a quick list can be found below:
Available commands:
view View entries under the specified path, optionally
returning only the specified field for each entry
create Create a new entry at the specified path
set-field Set a field on the entry at the specified path
delete-field Delete a field from the entry at the specified path
find Find and list entries, optionally filtering
rename Rename an entry or directory
copy Copy an entry or directory
delete Delete an entry or directory
tag Add or remove tags from an entry
First you must configure coffer and tell it how to reach your preferred backend(s). The way you do this depends on which frontend you want to use, please refer to frontends for a list. As an example, here is a config.toml
taken in by the CLI frontend:
main_backend = "vault-local"
[[backend]]
type = "vault-kv"
name = "vault-local"
address = "localhost:8200"
mount = "secret"
token = "<vault token>"
The configuration consists of a single main_backend
key and N [[backend]]
sections. Each one must at least have the type
key and the name
key. The rest depends on each backend, to see a comprehensive list, refer to backends.
The coffer CLI will look for its configuration file in the following order:
- A file passed to the tool using the
-c/--config
argument - A file passed to the tool using the
COFFER_CONFIG
environment variable config.toml
file in the current working directory.
Coffer also has a Web API. Its documentation can be found here.
The port can be specified via the command line option --port
or the environment variable COFFER_SERVER_PORT
.
$ stack run coffer-server -- --port=8081
This is the preffered way, install Nix according to the Nix download page. Then execute:
$ nix develop --extra-experimental-features 'nix-command flakes'
You're now ready to develop coffer, using the exact same version (down to a single bit) of GHC, Cabal and all the other required tooling. To actually perform a build run:
$ cabal build
To run coffer while developing run:
$ cabal run coffer -- <&args>
A language server is also available, to use it, either start your IDE from a nix shell
, or setup direnv
for your IDE. To install direnv
itself, take a look here.
If you don't want to install Nix or can't, then you can try to install the required packages from your distro's package manager. This is not recommended, supported or tested. A complete, but maybe incorrect list, which may need translation to your package manager's naming convention, can be found below:
ghc
cabal
haskell-language-server (optional)
stack
stylish-haskell
zlib
The package contains 4 test suites:
- A unit tests suite for the coffer library,
coffer:test:test
. - An integration test suite for the Web API,
coffer:test:server-integration
. - A set of golden tests written in
bats
for the coffer executable. - A Haskell doctest suite,
coffer:test:doctests
.
Use make test
to run all test suites:
$ make test
$ make test \
TEST_ARGUMENTS='--pattern "test name"' \
BATSFILTER='test name' \
DOCTEST_ARGUMENTS='--verbose'
You can also run an individual test suite:
$ make test-unit TEST_ARGUMENTS='--pattern "test name"'
$ make server-integration TEST_ARGUMENTS='--pattern "test name"'
$ make bats BATSFILTER='test name'
$ make doctest DOCTEST_ARGUMENTS='--verbose'