~hauleth/fuk

Fetch User Keys - simple tool for fetching SSH keys from different sources
chore: add license
docs: add manpage and xtask to install it
ft: improve initial implementation

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~hauleth/fuk
read/write
git@git.sr.ht:~hauleth/fuk

You can also use your local clone with git send-email.

#FUK

No one gives a fuk… so you need to take it yourself.

Fetch User Keys - simple tool for fetching SSH keys from various sources.

#Sources

  • [x] Raw - no fetching, just raw key from the configuration
  • [x] Forges
    • [x] GitHub
    • [x] SourceHut
    • [x] GitLab
    • [x] Forgejo
  • [x] Host keys via ssh-keyscan

#Reason

In my case the reason was to be able to easily prepare set of SSH keys for use with [agenix][], tool for managing secrets while working with Nix deployments. However usage can be extended to other situations as well:

  • Managing allowed_signers to check SSH signatures under commits and stuff
  • Fetching authorized_keys to allow users to upload their keys without admin manual intervention

#Usage

Define configuration file, for example keys.toml in form:

[[entry]]
name = "hauleth"
keys = [
    { sourcehut = "~hauleth" },
    { github = "hauleth" }
]

[[entry]]
name = "heimdall"
keys = [
    { host = [ "heimdall" ] }
]

Now you can run

fuk keys.toml > keys.json

And get JSON document containing all keys provided by these:

{
    "hauleth": [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7q0wm7C+EX0ORpRxeyhvWTT2BMPjSRQIZmbzPLIiHC"
    ],
    "heimdall": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC36MGQHLsmS1aUtRYyC40lguLR4/sRXDxwT8ieSkGgLFc95xQ/7m8tIYmtCTwIMvN9gzJkW6ufbWfuX1iBYoWVVO/QdJz/5/Nl4ZofyfdFSk4ZYaWSOnMlY7vV9K0L0WsEEf1R3Erf42Ek051PcO8IeTtYTxkaugrBOPSVmzBOZu9osnJbatCsODe7uIWRU8jd5gmL7a9pmk9Q8nWDDXzu4bWd9Dg1M1d+rIY368J4LNOzknPZUkOcK1TpLkutB6bozvaeKSBNaqihA0un1VETArhiUmUY6a0y5e34PNLQjbl5UqHS5tmU5jmolDIJV2hF78+XrgaZf+CNoQ1Ac3QJ",
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZsoYDw74ez/2YLPZMDQgN/KxyGiXHZt+CowWMiyoyL"
    ]
}