Where is a secret chest hidden?

The spell Secret Chest says this:

You hide a chest, and all its contents, on the Ethereal Plane.

So, my question is: Where in the Ethereal Plane does the chest go?

Along the same lines, depending on the answer to that, is it possible for someone to travel through the ethereal plane to find a secret chest? I’m asking about this part as well because depending on where it’s hidden, it may be either easier or harder for someone to track down a secret chest.

Are your default racial traits suppressed when choosing the Doppelganger Character Secret?

Icewind Dale: Rime of the Frostmaiden contains a Character Secrets section, one of which is "Doppelganger":

I’m a shapechanger. I have none of the traits of the race I’m imitating, but I retain my class features, background, and alignment. I have darkvision out to a range of 60 feet. I can use an action to do either of the following at will:

  • I can innately cast detect thoughts, requiring no components. My spellcasting ability is Intelligence. The spell’s Wisdom save DC is 8 + my proficiency bonus + my Intelligence modifier.
  • I can polymorph into any humanoid I have seen or back into my true form. My statistics, other than my size, don’t change. Any equipment I’m wearing or carrying isn’t transformed. I revert to my true form when I die.

Does this mean that your default race’s traits are nullified when selecting this Character Secret? Example – a Variant Human Doppelganger wouldn’t have the +1 bonus to two ability scores, the extra skill & extra feat, with that interpretation.

Is the cover art of the 1e AD&D module Sinister Secret of Saltmarsh a deliberate homage to the opening credits of Scooby Doo?

The 1e AD&D module U1 Sinister Secret of Saltmarsh has a plot that…

Coincidentally, the cover art of the 1e version of the module by David De Leuw depicts the mansion with bats flying out of it that is quite reminiscent of the spooky mansion with bats in the opening credits of Scooby Doo.

Are there any sources that verify this was a deliberate homage by the artist based on the plot of the module?

Cover art:

Cover of the 1e module

Scooby Doo opening credits:

Scooby Doo opening credits.

git reflog is showing plain text password used as a secret texts or files in Jenkins

We are using a Jenkins Freestyle Project to push the changes to the remote server. We are executing a shell script on the remote host using ssh for it. To pull the changes on the remote host, we are using the origin URL with the git username and git password. The credentials should not be visible in plain text in the URL, which is why we have stored them in variables using the ‘secret text(s) or file(s)’ option of ‘Build Environment’.

The git credentials are not visible to the users who are using Jenkins for other projects but the remote server is showing git credentials in plain text. Any user with ssh access of the remote server is able to run the git reflog command in the project directory.

Port 22 cannot be opened on the server where gitlab is deployed so we cannot use ssh keys method to create the build in Jenkins. We can use only http method to pull the changes.

Is there any way we could avoid showing the git credentials in plain text in the project directory?

Source of RegEx examples of Secret Detection patterns in repositories?

Where can I find RegEx that can pattern match common secret strings?

I have a product that scans repos and commits in case a developer tries to commit a secret (i.e. passwords, keys). It scans for roughly 30 patterns by default, which seems insufficient given thousands of repos in over seventy languages. I can expand that scanning with RegEx. However, I don’t know every common secret there is.

Is there a framework, list, or tool that can provide RegEx or patterns for likely secrets?

Where can I get comprehensive lists of secret types?

Or am I doomed to writing a metric ton of RegEx then being held responsible for when something is missed?

Secret of the Ancients (2012) – why leave them here?

Note – this has significant spoilers for the Secret of the Ancients campaign.

Secret of the Ancients has some really interesting ideas and lots of detail but some serious flaws also. However, among the unbelievably coincidental timings, forced plot choices and repeatedly stripping away all of the PCs’ gear, there is a serious question.

In the closing paragraphs of Chapter 4, the ship that the PCs are on:

In Chapter 5, page 91, we learn that:

Then in Chapter 7 when the characters finally succeed in getting into orbit they:

What is the in-game reason for the PCs arriving there? It beats being stuck in deep space with no way to reach an inhabited system or be rescued, but otherwise it is the worst possible location because it is where their enemies are waiting for them. Note that I am not looking for game design reasons for this occurrence, which I understand, I am looking for a plausible in-game rationale.

What’s a secure way to generate a keypair from a secret password?

I like to generate a public-private key pair that is seeded from a string. So having the string and the generation algorithm is enough to recreate the keys. I want to do this because I can then combine a password (that I’ll memorize), with a long, secret (randomly generated) text file (that I’ll store securely), and generate a key pair. I’ll then delete the key pair after each usage and regenerate them when needed. Thus, for the keys to be compromised, someone would need both the long text file, and the password in my head. (Or they need to intercept the key in the narrow intervals that it exists.) This seems safer to me than just storing the keys securely, where anyone with physical access to the keys can use them.

PS: I am obviously confident in not forgetting the password.

There is a similar question, but it’s old and doesn’t have a useful answer.
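The scheme described in the question, sketched as an added example (not part of the original post): a password and the contents of a secret file are stretched into a 32-byte seed, and the seed deterministically yields an Ed25519 key pair. The function names, the use of the file as salt and the hand-written PBKDF2-HMAC-SHA256 are this example's assumptions, chosen so it runs with the standard library alone; a memory-hard KDF such as scrypt or Argon2id from golang.org/x/crypto is the stronger choice, and whichever KDF and parameters are used become part of the key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// pbkdf2SHA256 returns the first 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018),
// written out with the standard library so the example has no dependencies.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)
	out := append([]byte{}, u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// deriveKeyPair maps (password, key file contents) to one fixed Ed25519 key pair.
// The key file acts as the salt, so both inputs are needed to rebuild the key.
func deriveKeyPair(password string, keyFile []byte, iterations int) (ed25519.PublicKey, ed25519.PrivateKey) {
	salt := sha256.Sum256(keyFile)
	seed := pbkdf2SHA256([]byte(password), salt[:], iterations)
	priv := ed25519.NewKeyFromSeed(seed) // deterministic: same seed, same key
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	keyFile := []byte("constructed stand-in for the long random secret file")
	pub, priv := deriveKeyPair("constructed example password", keyFile, 100000)
	sig := ed25519.Sign(priv, []byte("hello"))
	fmt.Printf("public key %x\nverifies: %v\n", pub, ed25519.Verify(pub, []byte("hello"), sig))
}
```

Changing the iteration count, the KDF or a single byte of the file produces an unrelated key pair, so those choices have to be recorded alongside the file.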

Why do I need --batch to import a secret key from a pipe?

Once I used this guide to transfer my secret key to my smartphone, so today I did the same thing for transferring the secret key from my workstation to my laptop.

Yes, I could have used a USB key, or I could have just relied on the first s of scp, which I’ve used to transfer the encrypted key, but I’m just curious to know the reason for this thing that I’m describing.

So what I did is:

  • On the workstation:

    1. gpg --armor --gen-random 1 20
    2. copy the string into the clipboard
    3. gpg --armor --export-secret-keys 'my key id' | gpg --armor --symmetric --output mykey
    4. paste the password from the clipboard and enter the key’s passphrase (in the right order)
  • On the laptop

    1. scp enrico@ip:/path/to/mykey .
    2. gpg --decrypt mykey | gpg --import

But step 2 failed with

    ...
    gpg: key 3F.........: error sending to agent: Inappropriate ioctl for device
    gpg: error building skey array: Inappropriate ioctl for device
    gpg: error reading '[stdin]': Inappropriate ioctl for device
    gpg: import from '[stdin]' failed: Inappropriate ioctl for device
    ...

Upon searching on the web, I found that piping into gpg --import --batch instead of just gpg --import solves the error.

Why? From man gpg I read this:

      --batch
      --no-batch
              Use batch mode.  Never ask, do not allow interactive commands.
              --no-batch disables this option.  Note that even with a filename
              given on the command line, gpg might still need to read from
              STDIN (in particular if gpg figures that the input is a detached
              signature and no data file has been specified).  Thus if you do
              not want to feed data via STDIN, you should connect STDIN to
              ‘/dev/null’.

              It is highly recommended to use this option along with the
              options --status-fd and --with-colons for any unattended use of
              gpg.

but even if it mentions STDIN I’m not sure I understand what this option means with respect to the error I get without it.

How do I share secret key files with Docker containers following 12 Factor App?

I am building an API and trying to follow the 12 Factor App methodology. Using Docker, the methodology says containers must be disposable.

Assuming the API will have high traffic, multiple docker containers will be running with the same app, connecting to the same database.

Certain fields in the database are encrypted and stored with a reference to the file containing the passphrase. This is done so the passphrase can be updated, and old data can still be decrypted.

With a Docker container and following 12 Factor App, how should I provide the key files to each of the containers?

Am I correct in assuming I would need a separate server to handle the creating of new key files and distributing them over the network?

Is there secure software, protocols or services that do this already, or would I need a custom solution?

Manual TLS decryption with master secret

Assuming I have the master secret from SSLKEYLOGFILE client random, and server random, can I decrypt any TLS traffic captured? I’ve started from Golang’s TLS implementation, pulled the connection stuff out, had it generate the keys and IV from the values above (https://github.com/golang/go/blob/cd18da451faedc4218a5fd0e38f9b3d13aa5da01/src/crypto/tls/prf.go#L121), but still can’t decrypt.

Thoughts? Is one able to generally decrypt any TLS (given correct version and cipher) with one instance implementation, like Golang’s?
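The key-derivation step the question describes, as an added example (not part of the original post and not code from Go's crypto/tls): it expands a TLS 1.2 master secret into the key block and builds the per-record AES-GCM nonce and additional data, the places where a manual decryption usually goes wrong. It assumes TLS 1.2 with a TLS_*_WITH_AES_128_GCM_SHA256 suite; the function names and the all-zero sample values are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

func hm(key []byte, parts ...[]byte) []byte { // HMAC-SHA256 over the concatenated parts
	mac := hmac.New(sha256.New, key)
	for _, p := range parts {
		mac.Write(p)
	}
	return mac.Sum(nil)
}

// pSHA256 is the TLS 1.2 PRF expansion from RFC 5246 section 5; seed = label + randoms.
func pSHA256(secret, seed []byte, n int) (out []byte) {
	for a := hm(secret, seed); len(out) < n; a = hm(secret, a) { // a = A(1), A(2), ...
		out = append(out, hm(secret, a, seed)...)
	}
	return out[:n]
}

// expandKeys splits the AES_128_GCM_SHA256 key block (two keys, two 4-byte IVs, no MAC keys).
func expandKeys(master, clientRandom, serverRandom []byte) (ck, sk, civ, siv []byte) {
	// Seed order is server_random + client_random, the reverse of the master-secret seed.
	seed := append(append([]byte("key expansion"), serverRandom...), clientRandom...)
	kb := pSHA256(master, seed, 2*16+2*4)
	return kb[:16:16], kb[16:32:32], kb[32:36:36], kb[36:40:40]
}

// gcmInputs takes rec = 5-byte header + 8-byte explicit nonce + ciphertext + 16-byte tag.
func gcmInputs(writeIV []byte, seq uint64, rec []byte) (nonce, aad []byte, err error) {
	if len(rec) < 5+8+16 {
		return nil, nil, fmt.Errorf("record too short: %d bytes", len(rec))
	}
	nonce = append(append([]byte{}, writeIV...), rec[5:13]...) // implicit IV + explicit nonce
	aad = make([]byte, 13)
	binary.BigEndian.PutUint64(aad, seq) // records sent in this direction since ChangeCipherSpec
	copy(aad[8:], rec[:3])               // content type + protocol version
	binary.BigEndian.PutUint16(aad[11:], uint16(len(rec)-5-8-16)) // plaintext length
	return nonce, aad, nil
}

func main() { // constructed all-zero secrets and record body, for illustration only
	ck, _, civ, _ := expandKeys(make([]byte, 48), make([]byte, 32), make([]byte, 32))
	nonce, aad, err := gcmInputs(civ, 1, append([]byte{23, 3, 3, 0, 29, 0, 0, 0, 0, 0, 0, 0, 1}, make([]byte, 21)...))
	fmt.Printf("key %x\nnonce %x\naad %x\nerr %v\n", ck, nonce, aad, err)
}
```

The results go to `cipher.NewGCM` over `aes.NewCipher(key)` as `Open(nil, nonce, rec[13:], aad)`, using the client key and IV for client-to-server records and the server pair for the other direction. TLS 1.3 and the CBC or SHA-384 suites derive and use their keys differently, so this layout does not carry over to them.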