Provision your authorized_keys via HTTPS/GitHub/GitLab

Overview

Keyps

Key Provisioning Service

Provision authorized_keys from HTTPS/GitHub/GitLab and automatically keep them up to date.

Motivation

Problem

Provisioning the authorized_keys for a user is usually either a cumbersome process, requiring a human to manually update a list of keys and redeploy every time a key changes or a person joins/leaves the team, or it involves setting up secret management providers that can be overkill in many situations. The needs of many sysadmins lie between these two extremes.

Solution

keyps aims to fill part of that gap by simplifying and automating the provisioning of authorized_keys by (re-)using infrastructure/services that are already ubiquitous. This allows individual team members to manage their keys and have those changes reflected on the machines they've been permitted access to without redeploying or deploying complicated additional infrastructure.

Installation

  • Nix: nix run github:srounce/keyps

TODO: Improve this section

Usage

Example

$ keyps -s github:srounce

Options

  • -v...

    Verbosity level, the more vs the more verbose program output will be.

    Example: -vvv

  • -f, --file <FILE>

    Path to authorized_keys file (eg. ./authorized_keys). This file must exist and be writable.

    If not specified, an upward search for the closest available .ssh/authorized_keys file will be performed from the current working directory.

  • -s, --source <SOURCES>

    One or more sources with one of the following formats:

    • github:<username>
    • gitlab:<username>
    • https://example.com/my.keys
  • -i, --interval <INTERVAL>

    Time in seconds to wait between polling sources

    Default: 10

  • -h, --help

    Print help (see a summary with '-h')

  • -V, --version

    Print version

You might also like...
A github rust workflows template, just want to focus on coding

rust-template A github rust workflows template, just want to focus on coding. Demo template GitHub Actions Workflow file Table of contents Features Us

Template to maintain a rust project running CI/CD with Github Workflows.
Template to maintain a rust project running CI/CD with Github Workflows.

Rust CI/CD template Template to maintain a rust project running CI/CD with Github Workflows. CI Workflow ci.yaml This workflow will run every time you

deductive verification of Rust code. (semi) automatically prove your code satisfies your specifications!
deductive verification of Rust code. (semi) automatically prove your code satisfies your specifications!

Le marteau-pilon, forges et aciéries de Saint-Chamond, Joseph-Fortuné LAYRAUD, 1889 About Creusot is a tool for deductive verification of Rust code. I

Employ your built-in wetware pattern recognition and signal processing facilities to understand your network traffic

Nethoscope Employ your built-in wetware pattern recognition and signal processing facilities to understand your network traffic. Check video on how it

Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer of security for your most sensitive files.

Koofr Vault https://vault.koofr.net Koofr Vault is an open-source, client-side encrypted folder for your Koofr cloud storage offering an extra layer o

a Solana program for granting friends permissions on your account without revealing your private key.
a Solana program for granting friends permissions on your account without revealing your private key.

Delegatooooor Granting Permission: An account holder (the delegator) decides to grant permission to a delegate. They create and sign a transaction tha

Temporary edit external crates that your project depends on

rhack You want to quickly put a sneaky macro kind of like dbg! into external crates to find out how some internal data structure works? If so rhack is

Daemon and tools to control your ASUS ROG laptop. Supersedes rog-core.

asusctl for ASUS ROG - Asus Linux Website asusd is a utility for Linux to control many aspects of various ASUS laptops but can also be used with non-a

secret folders generator to hide hentais in your computer
secret folders generator to hide hentais in your computer

hentai dream 95 secret folders generator to hide hentais in your computer, but its really old way as **** used techniquee one injection technique from

Comments
  • Support Sourcehut

    Support Sourcehut

    Is your feature request related to a problem? Please describe. Currently need to use the https source for sourcehut, having built-in support would be cool.

    Describe the solution you'd like I should be able to source keys from sourcehut doing something like -s sourcehut:<username>

    Additional context Sourcehut publishes user public keys at URLs with the following pattern: https://meta.sr.ht/~<username>.keys

    enhancement 
    opened by srounce 0
  • One-shot update

    One-shot update

    Is your feature request related to a problem? Please describe. Not all users want to run a daemon, some just want to update the authorized_keys file and exit.

    Describe the solution you'd like Add a flag which would tell keyps to run a single update and exit without reverting the file.

    The flag could be something like --update / -u.

    enhancement 
    opened by srounce 0
  • Support specifying trusted root certificates

    Support specifying trusted root certificates

    Is your feature request related to a problem? Please describe.

    • I'm getting MITM'd by my government and want to specify a set of root certificates I trust.
    • I want to use a self-signed certificate for a HTTPS source.

    Describe the solution you'd like

    • I'd like an additional flag to provide users with a way to specify additional root certificates to trust.
    • I'd like an additional flag to disable trust of the system root certificates, so only user-specified root certificates will be trusted.

    Additional context Thx to @nitrotm for suggesting this 😄

    enhancement 
    opened by srounce 0
Owner
Samuel Rounce
Contactable via: [email protected]
Samuel Rounce
Extract data from helium-programs via Solana RPC and serves it via HTTP

hnt-explorer This application extracts data from helium-programs via Solana RPC and serves it via HTTP. There are CLI commands meant to run and test t

Louis Thiery 3 May 4, 2023
use your GitHub SSH keys to authenticate to sshd

aeneid If you squint, GitHub is basically a free, zero-ops IdP that provides SSH public keys. Let's use it to authenticate to OpenSSH! What / How? The

Nikhil Jha 21 Dec 6, 2022
Authorize an ssh session using your keys on GitHub.

GitHub AuthorizedKeysCommand (hubakc) Heavily inspired by https://github.com/sequencer/gitakc . It allows someone login to the server using their ssh

Wenzhuo Liu 5 Nov 11, 2022
Bitcoin Push Notification Service (BPNS) allows you to receive notifications of Bitcoin transactions of your non-custodial wallets on a provider of your choice, all while respecting your privacy

Bitcoin Push Notification Service (BPNS) Description Bitcoin Push Notification Service (BPNS) allows you to receive notifications of Bitcoin transacti

BPNS 1 May 2, 2022
Manage secret values in-repo via public key cryptography

amber Manage secret values in-repo via public key cryptography. See the announcement blog post for more motivation. Amber provides the ability to secu

FP Complete 82 Nov 10, 2022
Drop-in Access Control via NFT Ownership

niftygate - Signature-Based Authenticating Proxy What is it? niftygate is a proxy for HTTP services, that validates signatures, providing an AuthN lay

Chris Olstrom 70 Jan 3, 2023
Minimal Substrate node configured for smart contracts via pallet-contracts.

substrate-contracts-node This repository contains Substrate's node-template configured to include Substrate's pallet-contracts ‒ a smart contract modu

Parity Technologies 73 Dec 30, 2022
Program to determine the password of an encrypted ZIP file via dictionary attack.

zip-dict-attack Program to determine the password of an encrypted ZIP file via dictionary attack. Inspired by this article. Usage Cargo is used to bui

null 2 Oct 8, 2022
Fast way to test a Substrate Runtime via RPC (eg. PolkadotJS UI).

runstrate Fast way to test a Substrate Runtime via RPC (eg. PolkadotJS UI). Build & Run git clone https://github.com/arturgontijo/runstrate cd runstra

Artur Gontijo 3 May 9, 2023
A CLI application that implements multi-key-turn security via Shamir's Secret Sharing.

agree agree is a CLI tool for easily applying multi-key-turn security via Shamirs Secret Sharing. Project state agree is unstable. Version semantics:

Alexander Weber 19 Aug 29, 2023