A suckless keyring build upon pass.
I was bored feeding my SSH-Agent with all my SSH-keys particularly their passphrases. Because of that i needed a tool which allows me to add plenty of keys with a sigle passphrase. Just what a keyring does. Furthermore it has to fit well into my environment and toolchain because Gnome-Keyring and friends just displeases me because of all their dependencies.
Right! Keyring tries to solve a nibble of beggary.
This is the preferred method, because it's easier to track updates and to contribute.
cd ~/foo git clone https://git.christoph-polcin.com/keyring/ cd ~/bin ln -s ~/foo/keyring/keyring
curl https://git.christoph-polcin.com/keyring/plain/keyring -o ~/bin/keyring chmod 700 ~/bin/keyring
Put the following lines into a shell resource file which gets sourced one time,
eval `keyring --eval --add ~/.ssh/foo_key ~/.ssh/bar_key ~/.ssh/baz_key`
If you need Your keys in every shell session put the following line into
Your default resource file, eg.
eval `keyring --eval`
Below are all customizable environmental variables with their default values:
GPG_INFO_FILE="/tmp/gpg-agent-info.$USER" SSH_INFO_FILE="/tmp/ssh-agent-info.$USER" PASS_KEY_PREFIX='keyring'
And here is an example how to adjust and submit those values.
eval ` \ PASS_KEY_PREFIX='foo' \ keyring --eval`
Use this naming convention to add your keyring keys / passphrases into pass manager,
replace uppercase words.
PASS_KEY_PREFIX is assigned with
pass insert PASS_KEY_PREFIX/PRIVATE_KEY_FILE_NAME
To add a SSH-key with the default PREFIX and which is located
pass insert keyring/my-private-ssh-key
The passprahse which pass is asking for has to be the passphrase of the inserted key.
To unlock the keyring You have to use the passphrase which is assigned with Your GPG-ID.
Simplified BSD License / FreeBSD License. See LICENSE for details.
Backup and encrypt Your ~/.ssh directory:
tar -cj .ssh | gpg --symmetric --cipher-algo aes256 --output /tmp/ssh-backup.bz2.gpg