A suckless [Keyring] build upon [pass].
I was bored feeding my [SSH-Agent] with all my SSH-keys particularly
their passphrases. Because of that i needed a tool which allows me
to add plenty of keys with a sigle passphrase. Just what a keyring does.
Furthermore it has to fit well into my environment and tool chain because
[Gnome-Keyring] and friends just displeases me because of all their
Right! [Keyring] tries to solve a nibble of beggary.
[Keyring] depends on [GnuPG], [OpenSSH] and [pass] a suckless password manager.
Quick & Dirty Drop-In Style
curl https://git.christoph-polcin.com/keyring/plain/keyring -o /tmp/keyring
sudo install /tmp/keyring /usr/local/bin
Basic Keyring Configuration
Put the following lines into a shell resource file which gets sourced one time,
eg. `~/.zlogin`, `~/.bash_login`, `~/.profile`, `~/.xinitrc`, ...
eval `keyring --eval --add ~/.ssh/foo_key ~/.ssh/bar_key ~/.ssh/baz_key`
If you need Your keys in every shell session put the following line into
Your default resource file, eg. `~/.bashrc`, `~./.zshrc`, ...
eval `keyring --eval`
Below are all customizable environmental variables with their default values:
SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
And here is an example how to adjust and submit those values.
eval ` \
keyring --eval \
--add $(find ~/.ssh/ -type f -name '*.pub' | sed 's/.pub//') \
This will add all your keys and pull their passphrases via `pass foo/KEY`.
Your Keyring Database
To initialize the password store follow the instructions on the [pass] homepage
or consider their [examples]
Set a custom `PASS_KEY_PREFIX` or use `keyring` as default to insert our passphrases.
pass insert <PASS_KEY_PREFIX>/<PRIVATE_KEY_FILE_NAME>
# for ~/.ssh/my-private-ssh-key
pass insert keyring/my-private-ssh-key
The passphrase which [pass] is asking for has to be the passphrase
of the inserted key.
To unlock the keyring You have to use the passphrase which is assigned with
Simplified BSD License / FreeBSD License. See LICENSE for details.
Grab the source; get your hands dirty and file your patches or questions.
Backup and encrypt Your ~/.ssh directory:
tar -cj .ssh | gpg --symmetric --cipher-algo aes256 --output /tmp/ssh-backup.bz2.gpg