A simple tool to encrypt & decrypt GAM secrets at runtime using your biometrics with unopass
Many Google Workspace admins use GAM or GAMADV-XTD3 to manage their instance. Currently, the secrets needed for these tools are stored on disk in plaintext.
GAMpass is a simple tool to encrypt & decrypt GAM secrets at runtime using your biometrics with unopass
pip install -r requirements.txt
Only tested on macOS 12.4+
GAMpass is a work in progress, and should be considered beta software.
Back up your plaintext secrets in a different directory before you run setup. Once you verify you can encrypt/decrypt secrets you can delete the backup.
gampass.py
to the same directory as GAM's secrets files, usually ~/.gam/
python gampass.py setup
*
gampass.key
file.gampass
and gampass_cli
alias to ~/.zshrc
gampass.py
gampass
gamkey
gampass.key
the credential
fieldUse this to make GAM calls
Put gampass
before the GAM command
gampass gam [gam args]
gampass gam select domain2 save | gam info domain
Use only this to manage your GAM secrets
Usage: gampass_cli [option]
Options:
encrypt Encrypt GAM all secrets
decrypt Decrypt GAM all secrets
setup Setup a key and encrypt secrets
updates View updates documentation
sync Encrypt all domains with existing 1Password key
Example:
gampass_cli sync
Everything that works with GAM should work via GAMpass, except for the following:
GAMpass is released under the MIT License