Comments (4)
> The hash is the canonical unique identifier for the secret. Other fields (particularly names) do not have uniqueness constraints, so it's entirely possible and valid to have two keys with the same name right now (whether or not that was a good idea is certainly debatable, but that is a setup people do have in the wild right now)

Ah, I see.

> Overall, basically Secretive is not designed to be managed from a CLI currently. A few people have requested that over the years so it's kind of on my radar, although not with any particular timetable now. If you have specific thoughts on what an ideal CLI interface for your specific use case would be, I'd be interested in hearing it.

Basically I'm trying to write a bootstrap / new-hire / new-laptop kind of script, something like:

```shell
brew install secretive
secretive create-new-key --username "$(whoami)" --label "super-special-bootstrap"
gcloud compute os-login ssh-keys add --key-file="$(secretive get-key-file --username "$(whoami)" --label "super-special-bootstrap")"
```

But at the moment this appears to be a non-automatable segment, where I need to ask the user to go do some stuff manually, which is kind of a bummer and more likely to fail compared to running ssh-keygen directly (which is less secure than Secretive).
from secretive.
Hey @ari-becker, there are a few reasons for this right now:
- The hash is the canonical unique identifier for the secret. Other fields (particularly names) do not have uniqueness constraints, so it's entirely possible and valid to have two keys with the same name right now (whether or not that was a good idea is certainly debatable, but that is a setup people do have in the wild right now)
- The PublicKeys directory wasn't really designed for this use case; it was much more "I want to be able to specify this key to be used with this site in my SSH config file."
Overall, basically Secretive is not designed to be managed from a CLI currently. A few people have requested that over the years so it's kind of on my radar, although not with any particular timetable now. If you have specific thoughts on what an ideal CLI interface for your specific use case would be, I'd be interested in hearing it.
I was looking at this today, trying to use ssh-copy-id to copy my public key to another machine. There are two issues right now:
- The public key in ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys doesn't have a corresponding private key file (as that's managed within the secure enclave), but ssh-copy-id expects one to be able to check if the key has already been added.
  - This can be worked around by having an empty file for the private key.
- Pointing ssh-copy-id to keys in ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys requires granting Terminal.app/iTerm2.app permission to access data of other applications. This is due to the terminal app being the "responsible process" of the child processes it runs (zsh, ssh-copy-id, etc).
  - This is an issue also when symlinking the files from ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys into ~/.ssh.

Having to give Terminal.app/iTerm2.app full access to other applications is not ideal, as it means any other process that you run in the terminal (or any of its children) also has that access to these apps.

A solution that might solve this is to add an option in Secretive to write the public key (and empty private key) into ~/.ssh. This would require letting the user choose the location via a file dialog, which then gives Secretive access to that folder. The access can be persisted and shared between the Secretive agent and UI via bookmarks, as described here.

Has this been considered?
For the original issue of mapping key labels to keys, adding the key name as a comment to the .pub file, the same way it is in the copy-enabled screen section of Secretive, could help, and be easy to accomplish?

```shell
grep -l "$keyname" /Users/$USER/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys/*.pub
```
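As an added example that is not Secretive's own code nor any commenter's, the script below puts together the workarounds discussed in this thread: resolving a key by its label (assumed here to be stored as the SSH comment field of the .pub file, which is what the grep suggestion relies on) and staging it for ssh-copy-id, which expects a private-key file beside the .pub. It differs from the bare grep in two ways a bootstrap script would care about: it compares the comment field exactly rather than by substring, and, since only the hash is unique in Secretive and two keys may legitimately share a name, it fails closed when a label is ambiguous instead of picking the first file. The key directory, file names and key blobs are constructed stand-ins for ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys so the script runs offline.

```shell
#!/bin/sh
# Added example, not Secretive's own code. The directory, file names and key
# blobs below are constructed stand-ins for Secretive's PublicKeys directory;
# the label is assumed to be the SSH comment field of each .pub file.

# Print the path of the single .pub file in DIR whose comment field equals LABEL.
# Exact comparison avoids the substring matches that `grep -l "$label" *.pub`
# would give ("bootstrap" also matching "bootstrap-old"), and because labels are
# not unique in Secretive (only the hash is), an ambiguous label fails closed.
# Exit status: 0 found, 1 no match, 2 more than one match.
find_pubkey_by_label() {
    dir=$1
    label=$2
    match=""
    for f in "$dir"/*.pub; do
        [ -f "$f" ] || continue
        # OpenSSH public key line: <type> <base64> [comment ...]
        comment=$(head -n 1 "$f" | cut -d' ' -f3-)
        if [ "$comment" = "$label" ]; then
            if [ -n "$match" ]; then
                echo "label '$label' is on more than one key; refusing to guess" >&2
                return 2
            fi
            match=$f
        fi
    done
    [ -n "$match" ] || return 1
    printf '%s\n' "$match"
}

# Copy PUB into DEST and create the empty private-key placeholder that
# ssh-copy-id looks for; the real private key never leaves the Secure Enclave.
# Prints the path of the staged .pub file.
stage_for_ssh_copy_id() {
    pub=$1
    dest=$2
    name=$(basename "$pub" .pub)
    mkdir -p "$dest"
    chmod 700 "$dest"
    cp "$pub" "$dest/$name.pub"
    : > "$dest/$name"          # zero-length stand-in for the private key
    chmod 600 "$dest/$name"
    printf '%s\n' "$dest/$name.pub"
}

# Build a constructed stand-in for the PublicKeys directory. The base64 blobs
# are placeholders, not real keys; two files deliberately share a label.
make_sample_keydir() {
    d=$(mktemp -d)
    printf 'ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER1 super-special-bootstrap\n' > "$d/0a1b2c.pub"
    printf 'ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER2 super-special-bootstrap-old\n' > "$d/3d4e5f.pub"
    printf 'ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER3 work laptop\n' > "$d/6a7b8c.pub"
    printf 'ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER4 work laptop\n' > "$d/9d0e1f.pub"
    printf '%s\n' "$d"
}

# Stand-alone demo: resolve the bootstrap label and stage it into a scratch
# directory standing in for ~/.ssh.
demo() {
    keydir=$(make_sample_keydir)
    if pub=$(find_pubkey_by_label "$keydir" "super-special-bootstrap"); then
        staged=$(stage_for_ssh_copy_id "$pub" "$(mktemp -d)/ssh")
        echo "staged $staged"
    else
        echo "could not resolve label" >&2
        return 1
    fi
}

demo
```

In the bootstrap script from earlier in the thread, the resolved path is what would be passed as `--key-file="$(find_pubkey_by_label ...)"`. On a real Mac the first call still hits the point raised above: reading the PublicKeys container from Terminal.app or iTerm2 prompts for access to other apps' data, so the staging step into ~/.ssh is what lets later ssh-copy-id runs avoid that prompt.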