Tabulify - Passphrase

Undraw Text Files

Tabulify - Passphrase


To encrypt and decrypt secret attributes, Tabulify uses a passphrase.

This passphrase is used to generate a cryptographic key for the encryption.


In Tabli, the passphrase can be given with the --passphrase global option.

Security Consideration

According to the Kerckhoffs' principle only secrecy of the key provides security, you should take great care of your passphrase


In an development environment, a passphrase could be shared broadly because the data should have no secrecy character.


In an production environment, the passphrase should be manipulated with care and be kept private.

You can achieve with several methods. We give two methods below.

Wrapper script

A wrapper script is a script that wraps the command with the following permissions:

  • executable
  • no read (can't be read)

The script can be executed but cannot be read by the user.


tabli --passphrase secret "$@"

Credentials Vault

If your environment has a credential vault functionality with SSO, you could retrieve it programmatically based on the credentials of the logged user.

Task Runner