HEIMLICH-FILE(1) General Commands Manual HEIMLICH-FILE(1)

heimlich-file - secrets manager

heimlich-file path pattern

The heimlich-file utility retrieves the first line from path that begins with pattern. Each line in path is expected to consist of two columns separated by whitespace, and only the second column of the first matching line is written to stdout. Since heimlich-file does not support encrypted files, it is only intended to be used with doas(1) while accessing secrets in non-interactive environments.

The options are as follows:

path
Path to file containing secrets.
pattern
Pattern expressed as a basic regular expression used to find the matching line, see re_format(7).

Create a file containing the secrets only accessible by root and the wheel group:

# cat secrets
example.com secret
# chown root:wheel secrets
# chmod 400 secrets

A non-root user who belongs to the wheel group can retrieve secrets using doas(1):

# cat /etc/doas.conf
permit nopass :wheel cmd heimlich-file
$ doas -n heimlich-file secrets example
secret
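
The matching rule described above (first line that begins with a basic regular expression, second column printed), modeled as an added sh example that is not heimlich-file's own code. The lookup and make_sample functions and the sample file contents are constructed for illustration; the example shows how a short or unescaped pattern can select a different line than the one intended.

```shell
#!/bin/sh
# Added example: a model of the documented lookup, not heimlich-file itself.

# lookup PATH PATTERN
# Print the second column of the first line in PATH that begins with
# PATTERN (a basic regular expression). Returns non-zero if nothing matches.
lookup() {
	# grep without -E uses basic regular expressions; ^ anchors at line start.
	line=$(grep -e "^$2" -- "$1" | head -n 1)
	[ -n "$line" ] || return 1
	# Columns are separated by whitespace; keep only the second one.
	printf '%s\n' "$line" |
		awk 'NF >= 2 { print $2; found = 1 } END { exit !found }'
}

# make_sample
# Write a constructed secrets file (mode 400) and print its path.
make_sample() {
	dir=$(mktemp -d) || return 1
	umask 077
	cat > "$dir/secrets" <<'EOF'
example.org     org-secret
examplexcom     other-secret
example.com.au  au-secret
example.com     com-secret
EOF
	chmod 400 "$dir/secrets"
	printf '%s\n' "$dir/secrets"
}

f=$(make_sample)
# 'example'                 first line wins: org-secret
# 'example.com'             unescaped dot matches any character: other-secret
# 'example\.com'            still a prefix match: au-secret
# 'example\.com[[:space:]]' escaped and terminated: com-secret
for p in 'example' 'example.com' 'example\.com' 'example\.com[[:space:]]'; do
	printf '%-26s -> %s\n' "$p" "$(lookup "$f" "$p")"
done
rm -rf "${f%/*}"
```

Escaping the dot and ending the pattern with [[:space:]] pins the match to the whole first column, so the order of lines in the file no longer decides which secret is returned.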

The heimlich-file utility exits 0 on success, and >0 if an error occurs.

heimlich(1), re_format(7)

Anton Lindqvist <anton@basename.se>

April 2, 2021 OpenBSD 7.2