[bin] Add rekey and load_key scripts
This commit is contained in:
41
bin/.bin/load_keys
Executable file
41
bin/.bin/load_keys
Executable file
@ -0,0 +1,41 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
PASS_BASE="personal/ssh"
|
||||||
|
STORE_ROOT="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
|
||||||
|
ABS_BASE_PATH="${STORE_ROOT}/${PASS_BASE}"
|
||||||
|
|
||||||
|
# Ensure ssh-agent is running
|
||||||
|
if [[ -z "${SSH_AUTH_SOCK:-}" ]]; then
|
||||||
|
eval "$(ssh-agent -s)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Verify the base path exists
|
||||||
|
if [[ ! -d "$ABS_BASE_PATH" ]]; then
|
||||||
|
echo "ERROR: Base path not found in pass: $PASS_BASE" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Loop through each identity subdirectory
|
||||||
|
while IFS= read -r dir; do
|
||||||
|
IDENTITY=$(basename "$dir")
|
||||||
|
|
||||||
|
# Find the latest .gpg file by name (ISO sort)
|
||||||
|
LATEST_FILE=$(find "$dir" -maxdepth 1 -name "*.gpg" -printf "%f\n" \
|
||||||
|
| sed 's/\.gpg$//' \
|
||||||
|
| sort -r \
|
||||||
|
| head -n 1)
|
||||||
|
|
||||||
|
if [[ -z "$LATEST_FILE" ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Injecting $IDENTITY ($LATEST_FILE) into ssh-agent..."
|
||||||
|
|
||||||
|
# Decrypt and pipe directly to ssh-add
|
||||||
|
# The '-' tells ssh-add to read the key from standard input (stdin)
|
||||||
|
pass show "${PASS_BASE}/${IDENTITY}/${LATEST_FILE}" | ssh-add - >/dev/null 2>&1
|
||||||
|
|
||||||
|
done < <(find "$ABS_BASE_PATH" -mindepth 1 -maxdepth 1 -type d)
|
||||||
|
|
||||||
|
echo "Done. All latest keys injected into agent."
|
||||||
26
bin/.bin/rekey
Executable file
26
bin/.bin/rekey
Executable file
@ -0,0 +1,26 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
USER="${USER:-$(whoami)}"
|
||||||
|
HOST="${HOST:-$(hostname)}"
|
||||||
|
DATE="$(date +%F)"
|
||||||
|
SSH_DIR="$HOME/.ssh"
|
||||||
|
mkdir -p "$SSH_DIR"
|
||||||
|
PASS_PATH="personal/ssh/$USER@$HOST/$DATE"
|
||||||
|
|
||||||
|
# --- Temporary RAM-backed file for private key ---
|
||||||
|
TMP_PRIV="/dev/shm/sshkey_$USER@$HOST$DATE"
|
||||||
|
trap 'rm -f "$TMP_PRIV"' EXIT
|
||||||
|
|
||||||
|
# Generate Ed25519 key pair into RAM
|
||||||
|
ssh-keygen -t ed25519 -f "$TMP_PRIV" -N "" -q
|
||||||
|
|
||||||
|
# Insert private key into pass
|
||||||
|
cat "$TMP_PRIV" | pass insert --multiline --force "$PASS_PATH"
|
||||||
|
echo "Private key stored in pass at $PASS_PATH"
|
||||||
|
|
||||||
|
# Extract public key from the same temp file
|
||||||
|
ssh-keygen -y -f "$TMP_PRIV" > "$SSH_DIR/$USER@$HOST.pub"
|
||||||
|
echo "Public key written to $SSH_DIR/$USER@$HOST.pub"
|
||||||
|
|
||||||
|
# Private key removed from /dev/shm automatically
|
||||||
Reference in New Issue
Block a user