Expand description
cryl - Secret generation tool
A high-performance, sandboxed CLI tool for generating, encrypting, and managing infrastructure secrets.
Enums§
- Cryl
Error - Errors that can occur during cryl operations
- Format
- Supported serialization formats
- TlsAlgorithm
- TLS key algorithm types
Functions§
- build_
basic_ constraints - Build basicConstraints string for CA certificates
- build_
intermediary_ final_ config - Build intermediary CA final config by appending CA-specific extensions
- build_
intermediary_ request_ config - Build intermediary CA request config (base config)
- build_
leaf_ final_ config - Build leaf certificate final config
- build_
leaf_ request_ config - Build leaf certificate request config
- build_
root_ config - Build root CA config content
- deserialize
- Deserialize content from string based on format
- deserialize_
from_ file - Deserialize from file path
- export_
copy - Copy exporter - copies a file from source to destination
- export_
vault - Vault exporter - exports all files in current directory to a Vault KV path
- export_
vault_ file - Vault file exporter - exports a single file to a Vault KV path
- generate_
age_ key - Generate an age key pair and save public + private keys
- generate_
cockroach_ ca - Generate a CockroachDB CA (certificate + key)
- generate_
cockroach_ client_ cert - Generate a CockroachDB client certificate (for a specific user)
- generate_
cockroach_ node_ cert - Generate a CockroachDB node certificate (signed by CockroachDB CA)
- generate_
copy - Copy generator - copies a file from source to destination
- generate_
csr - Generate a Certificate Signing Request (CSR)
- generate_
env - Generate an environment (.env-style) file from key-value pairs
- generate_
id - Generate a random alphanumeric id and save it to a file
- generate_
json - Generate a JSON file by converting data from one format to JSON
- generate_
key - Generate a random alphanumeric key and save it to a file
- generate_
key_ combine - Combine Shamir shares back into a single key
- generate_
key_ split - Split a key into Shamir shares and save them
- generate_
mustache - Generate a populated Mustache template
- generate_
nebula_ ca - Generate a Nebula CA (certificate + key)
- generate_
nebula_ cert - Generate a Nebula node certificate (signed by a Nebula CA)
- generate_
password - Generate random password with argon2 hashing
- generate_
password_ crypt3 - Generate random password with yescrypt hashing (crypt(3) format)
- generate_
pin - Generate a numeric PIN and save it to a file
- generate_
private_ key - Generate a private key using the specified algorithm
- generate_
random_ alphanumeric - Generate random alphanumeric string using OpenSSL
- generate_
random_ digits - Generate random numeric string (digits only)
- generate_
script - Generate and run a Nushell script
- generate_
self_ signed_ cert - Generate a self-signed certificate (for Root CA)
- generate_
sops - Generate SOPS-encrypted secrets from key-value inputs
- generate_
ssh_ key - Generate an SSH key pair (ed25519) and save public + private keys
- generate_
text - Write a text file as part of generation
- generate_
tls_ dhparam - Generate OpenSSL Diffie-Hellman parameters
- generate_
tls_ intermediary - Generate a TLS Intermediate CA (key + CSR + signed cert) using EC algorithm
- generate_
tls_ leaf - Generate a TLS Leaf certificate (key + CSR + signed cert) using EC algorithm
- generate_
tls_ root - Generate a TLS Root CA (private key + self-signed certificate) using EC algorithm
- generate_
tls_ rsa_ intermediary - Generate a TLS Intermediate CA (key + CSR + signed cert) using RSA algorithm
- generate_
tls_ rsa_ leaf - Generate a TLS Leaf certificate (key + CSR + signed cert) using RSA algorithm
- generate_
tls_ rsa_ root - Generate a TLS Root CA (private key + self-signed certificate) using RSA algorithm
- generate_
toml - Generate a TOML file by converting data from one format to TOML
- generate_
wireguard_ key - Generate a WireGuard key pair and save public + private keys
- generate_
yaml - Generate a YAML file by converting data from one format to YAML
- import_
copy - Copy importer - copies a file from source to destination
- import_
vault - Vault importer - imports all files from a Vault KV path
- import_
vault_ file - Vault file importer - imports a single file from a Vault KV path
- is_
ip_ address - Check if a string is a valid IP address (simple check)
- parse_
sans - Parse SANs (Subject Alternative Names) from comma-separated string Returns (dns_sans, ip_sans)
- read_
file_ if_ exists - Read file content if it exists, otherwise return None
- save_
atomic - Save content to a file atomically
- save_
private_ key - Save a private key to file
- save_
public_ file - Save a public certificate or config to file
- serialize
- Serialize content to string based on format
- serialize_
to_ file - Serialize to file
- should_
skip_ generation - Check if we should skip generation (files exist and no renew)
- sign_
certificate - Sign a certificate with a CA
Type Aliases§
- Cryl
Result - Result type alias for cryl operations