As a developer you have access to the source code and servers of applications, on which organizations depend. It is important that you make sure that this code is secure.

Where do you keep your secrets?

From our experience, we know that developers often have their digital affairs in order. They store their secrets securely, often encrypted with a password, which is of course unique and very complex. The only downside is that storing it encrypted means that you have to decrypt and copy/paste the secrets every time. It is thus frustrating and time consuming to be safe. And this applies not only to passwords, but also to your private keys. Most developers store these in ~/.ssh, but any application you run or install can then read, use, or steal your private keys without you realizing it. This is of course a very undesirable situation.

Use your smartphone as a security key

Nemis Security has developed a solution. With the Chiff CLI (command line interface) you can use the authentication method of your smartphone as a security key in a very easy way, instead of purchasing an expensive hardware token. The Chiff authenticator requires explicit permission to use a secret, such as your private key. You can easily set it up and even use it in a script. Keeping your secrets safe and secure never has been easier. It is published under an open-source license, so do not hesitate to give it a go!

Keep your secrets private.

Show me the code