Notes on secstore
Secstore is insecure.
The secstore does not use modern crpyto, and it has sufferend no hardening. It shouldn't be exposed to the web.
What's the point
Ostensibly secstore doesn't do much of anything, but I like the semantics. You should probably just use stashfs.
How to use it
If you bind something to $sysname on Plan 9, it can't be accessed from external networks. This broke assumptions I had.....I'm still using a loopback device.
I've got
ip/ipconfig loopback /dev/null 127.1 /128
ip/ipconfig loopback /dev/null ::1 /128
auth/secstored -s tcp!127.1!5346
In my cfg/sysname/cpurc script. Then it can be used from remote systems over rcpu- you'll have to store that password on a local secstore, or type it.
For example
rcpu -h lan.limitedideas.org -c 'auth/secstore -nG factotum' > /mnt/factotum/ctl
With the -n option we even load the remote password off that system's nvram. Convenient I suppose.