How to securely save your secrets for free

This solution is based on Google Chrome, Gmail, and the Mailvelope extension for Chrome, which are all free.

First-time procedure

From the second time on, you only need Step 4 for storing and Step 6 for retrieving.

  1. Register a new Gmail account or use one of yours. Be it `X@gmail.com`.
  2. Install Mailvelope.
  3. Generate a key pair for `X+secrets@gmail.com`.
  4. Compose a message for `X+secrets@gmail.com`.
    1. Use a Subject like `Awesome Service` for your Awesome Service account.
    2. Click the Mailvelope icon that appears when you hover the body.
    3. You’ll see that a dialog appears with `X+secrets@gmail.com` in green.
    4. Enter account details, like your password.
    5. `Encrypt`
    6. You’ll see that the body of the message is now encrypted.
    7. Send the message.
  5. Given that `X+secrets@gmail.com` is just an alias of `X@gmail.com` you got the message in your inbox.
  6. Open it and confirm that it’s still encrypted.
    1. Click the Mailvelope icon that appears when you hover the body.
    2. Enter the password you specified in Step 3.
    3. You’ll see that the message is now decrypted.
    4. Close the message.

Why is this secure?

  • The network connection between your browser and Gmail servers is encrypted by default, so only you and Google can read your messages. With this encryption, not even Google will be able to read them.
  • When you send an email message protected by someone’s public encryption key, such a message can only be read by that someone using their matching private decryption key.
  • Anyone who got access to your browser without your consent and tried to steal one of these secrets would have to enter your password to read them.

Why is this practical?

  • It’s secure and free.
  • You can add a filter to label these messages so they appear collected.
  • You can search the subject or any other metadata you added to the bodies.
  • You can access your secrets from any Gmail device, anywhere in the world.
  • You can also keep all related secrets in a text file and send it as an encrypted attachment to `X+secrets@gmail.com`.

Welcome to my blog

A few days ago I added a new entry to the history of this blog.

  • 23 April 2005 — I bought my noteslog.com domain name.
  • 4 December 2005 — I started this blog at he.net.
  • 6 April 2007 — I changed this blog to anhosting.com.
  • 11 April 2013 — I changed this blog to digitalocean.com, Ubuntu 12.04
  • 23 April 2014 — I was forced to let expire my noteslog.com domain name.
  • 24 May 2017 — I changed this blog to digitalocean.com, Ubuntu 16.04

In the meantime, it’s URL went through

  • http://mondotondo.com/aercolino/noteslog
  • http://noteslog.com
  • http://andowebsit.es/blog/noteslog.com
  • http://mondotondo.com

How to replace text everywhere in Git

There is a Git command, filter-branch, which works wonders for changing the history of a repository, but it’s difficult to use because it forces you to know how Git works under the hood. Instead there is this little free tool, BFG Repo-Cleaner, which is intuitive, fast and recommended.

Check that there are some occurrences of your string

The first thing to do is to check that the repository contains the string you want to replace with another string. This will help later to make sure you effectively replaced it.

andrea at Lock-and-Stock in ~/dev/ruby
$ git clone git@gitlab.com:aercolino/your-repository.git

andrea at Lock-and-Stock in ~/dev/ruby
$ cd your-repository

andrea at Lock-and-Stock in ~/dev/ruby/your-repository
$ git log -G"your string" -i --all
commit ...
Author: ...
Date:   ...

    Message 2

commit ...
Author: ...
Date:   ...

    Message 1

Notice that, on the above git log line, the -G option allows to specify a regular expression, and the -i option allows to  ignore case.

Install BFG

BFG needs a JVM and you can install one with brew on a Mac.

$ brew cask install java
$ brew install bfg

Create search-replace.txt

BFG takes a file for specifying the text to search and replace. The accepted format is one replacement per line, like SEARCH==>REPLACE, with optional prefixes regex:, and glob:.

regex:your string==>another string

Use BFG

BFG acts on a bare repository which you can get by cloning with the --mirror option. Make sure the last commit doesn’t contains the text to be replaced, otherwise add a clean commit and push it before cloning.

andrea at Lock-and-Stock in ~/dev/ruby
$ git clone --mirror git@gitlab.com:aercolino/your-repository.git

andrea at Lock-and-Stock in ~/dev/ruby
$ bfg --replace-text search-replace.txt your-repository.git

andrea at Lock-and-Stock in ~/dev/ruby
$ cd your-repository.git

andrea at Lock-and-Stock in ~/dev/ruby/your-repository.git
$ git reflog expire --expire=now --all && git gc --prune=now --aggressive

Backup the old your-repository

You can recover this backup analogously to the section below.

andrea at Lock-and-Stock in ~/dev/ruby
$ git clone --mirror git@gitlab.com:aercolino/blog-experiment.git blog-experiment.git.backup

Create a new your-repository

This step involves removing your remote old repository and creating a remote new one with the same name as before. Then you can push to it from your local repository using the --mirror option.

andrea at Lock-and-Stock in ~/dev/ruby/your-repository.git
$ git push origin --mirror

Check that your string was replaced by another string

If all is OK then you should see no results when searching again for your string but at least the same number of results you got when looking for it before if you now look for the replacement string.

andrea at Lock-and-Stock in ~/dev/ruby
$ git clone git@gitlab.com:aercolino/your-repository.git

andrea at Lock-and-Stock in ~/dev/ruby
$ cd your-repository

andrea at Lock-and-Stock in ~/dev/ruby/your-repository
$ git log -G"your string" -i --all
(nothing shown)
andrea at Lock-and-Stock in ~/dev/ruby/your-repository
$ git log -G"another string" -i --all
commit ...
Author: ...
Date:   ...

    Message 2

commit ...
Author: ...
Date:   ...

    Message 1