A git-based secret store using gpg and x509-style directory names. It requires:
- gnupg
- git
- pass(1) - http://passwordstore.org
To grant a user access: fetch their public keys from GitHub, add them as a read-only collaborator on the secrets repository, then import and trust-sign their gpg key.

```http
GET https://github.com/denzuko.keys
```

```http
PUT https://api.github.com/repos/denzuko-devops/secrets/collaborators/:github_username
Content-Type: application/json
Authorization: token OAUTH-TOKEN

{"permission": "pull"}
```

```sh
gpg --recv-keys "0xgpgkeyid"        # or, by address: gpg --locate-keys "user email"
gpg --edit-key "0xgpgkeyid" tsign   # interactive: answer the trust level and depth, then `save`
```

Note that `/<user>.keys` returns the account's SSH public keys; the account's GPG keys are served at `https://github.com/<user>.gpg`. The `tsign` and `trust` menus prompt for their answers, so `--batch --yes` cannot drive them; to script them, pipe the answers in with `--command-fd 0`.
To restrict a subfolder of the password store to one gpg-id (or a set of gpg-ids), initialise that subfolder with its own key list. pass writes a `.gpg-id` file into the folder and re-encrypts the entries beneath it to those keys only; the subfolder's `.gpg-id` overrides any `.gpg-id` above it.

```sh
pass init -p '<x509 directory>' <space-delimited list of gpg ids>
pass git push origin
```
For example, to authorise the Org, then its operations unit, then the key classes within it (each `pass init -p` also takes the space-delimited gpg ids for that level; the variables below stand for those lists):

```sh
pass init -p 'DC=net,DC=dapla,O=devops/' $ORG_KEYS

pass init -p 'DC=net,DC=dapla,O=devops/OU=operations/' $OPS_KEYS
pass git push origin

pass init -p 'DC=net,DC=dapla,O=devops/OU=operations/OU=Server Keys/' $SERVER_KEYS
pass init -p 'DC=net,DC=dapla,O=devops/OU=operations/OU=Application Keys/' $APP_KEYS
pass init -p 'DC=net,DC=dapla,O=devops/OU=operations/OU=Api Keys/' $API_KEYS
pass git push origin
```
To revoke a user's access: remove them as a collaborator, mark their key as untrusted, and re-encrypt the store to the remaining keys.

```http
DELETE https://api.github.com/repos/denzuko-devops/secrets/collaborators/:github_username
Content-Type: application/json
Authorization: token OAUTH-TOKEN
```

```sh
gpg --edit-key "0xgpgkeyid" trust   # interactive: choose 2 (I do NOT trust), then quit
gpg --send-key "0xgpgkeyid"
pass init <space-delimited list of remaining gpg ids>   # re-encrypts to the remaining keys
pass git push origin
```

Ownertrust lives only in your local trustdb, so `--send-key` publishes the key and its certifications, not the trust change; to publish a withdrawal of the trust signature made when the user was added, revoke it with `revsig` in `--edit-key` before sending. Re-run `pass init -p <folder> <remaining ids>` for every subfolder whose `.gpg-id` lists the removed key, since a subfolder's own `.gpg-id` takes precedence over the root one. Re-encryption only changes the current commit: the old ciphertext in git history remains decryptable by the removed key, so rotate any secret that user could have read.

```sh
pass git checkout iso.org.dod.internet.42387.customers.OID
```
Directories begin with the base DN and organisation (e.g. `DC=net,DC=dapla,O=devops`). Below that come the organisation/business unit, then the class of key, then the protocol name for the common port where applicable, and finally the common name.

For example, to access a web service key:

```sh
pass 'DC=net,DC=dapla,O=devops/OU=operations/OU=Application Keys/OU=https/CN=routerlogin.matrix.net'
```
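As an added example (not part of this page or of pass itself), the following Python builds and parses paths under this naming convention and answers the two questions the procedures above raise: which gpg-ids govern a given entry (pass uses the nearest `.gpg-id` found walking up from the entry's directory to the store root), and which folders must be re-initialised with `pass init -p` when a key is removed. The store layout and the key ids (`0xORGADMIN`, `0xOPS1`, `0xAPPTEAM`) are constructed placeholders; only `.gpg-id` files are created, no encrypted entries.

```python
import tempfile
from pathlib import Path

# Constructed sample: the base DN / organisation used in the examples above.
ORG = "DC=net,DC=dapla,O=devops"


def build_path(org, units, key_class, cn, protocol=None):
    """Build a store path: org / OU=unit ... / OU=<key class> / [OU=<protocol>] / CN=<name>."""
    parts = [org] + [f"OU={u}" for u in units] + [f"OU={key_class}"]
    if protocol:
        parts.append(f"OU={protocol}")
    parts.append(f"CN={cn}")
    return "/".join(parts)


def parse_path(path):
    """Split a store path back into (attribute, value) RDN pairs; reject components without '='."""
    rdns = []
    for component in path.split("/"):
        for rdn in component.split(","):
            attr, sep, value = rdn.partition("=")
            if not sep or not attr or not value:
                raise ValueError(f"malformed RDN {rdn!r} in {path!r}")
            rdns.append((attr, value))
    return rdns


def governing_gpg_ids(store, entry):
    """Return the gpg-ids an entry is encrypted to, mirroring pass: the nearest
    .gpg-id found walking up from the entry's directory to the store root."""
    store = Path(store).resolve()
    directory = (store / entry).parent.resolve()
    if store not in (directory, *directory.parents):
        raise ValueError("entry escapes the store root")
    while True:
        gpg_id = directory / ".gpg-id"
        if gpg_id.is_file():
            return gpg_id.read_text().split()
        if directory == store:
            raise FileNotFoundError("no .gpg-id above entry: run pass init first")
        directory = directory.parent


def folders_using_key(store, keyid):
    """Directories (relative to the store root) whose .gpg-id names keyid. Each one must be
    re-initialised with `pass init -p <dir> <remaining ids>` when keyid is removed."""
    store = Path(store)
    hits = [str(f.parent.relative_to(store)) for f in store.rglob(".gpg-id")
            if keyid in f.read_text().split()]
    return sorted(hits)


def make_sample_store():
    """Constructed store holding only .gpg-id files (placeholder key ids, no encrypted entries)."""
    root = Path(tempfile.mkdtemp(prefix="pass-store-"))
    layout = {
        ".": ["0xORGADMIN"],                                    # pass init <ids>
        ORG: ["0xORGADMIN"],                                    # pass init -p ORG
        f"{ORG}/OU=operations": ["0xORGADMIN", "0xOPS1"],
        f"{ORG}/OU=operations/OU=Server Keys": ["0xORGADMIN", "0xOPS1"],
        f"{ORG}/OU=operations/OU=Application Keys": ["0xORGADMIN", "0xOPS1", "0xAPPTEAM"],
    }
    for rel, ids in layout.items():
        d = root / rel
        d.mkdir(parents=True, exist_ok=True)
        (d / ".gpg-id").write_text("\n".join(ids) + "\n")
    # A protocol folder without a .gpg-id of its own inherits from "Application Keys".
    (root / ORG / "OU=operations" / "OU=Application Keys" / "OU=https").mkdir()
    return root


if __name__ == "__main__":
    store = make_sample_store()
    entry = build_path(ORG, ["operations"], "Application Keys",
                       "routerlogin.matrix.net", protocol="https")
    print(entry)
    print("readable by:", governing_gpg_ids(store, entry))
    print("re-init after removing 0xOPS1:", folders_using_key(store, "0xOPS1"))
```

`governing_gpg_ids` is the check to run before committing a new entry: if it lists a key that should not read that class of secret, the nearest `.gpg-id` is wrong or missing and the entry will be encrypted too broadly. `folders_using_key` gives the list of `pass init -p` runs an offboarding needs.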
- How to use authentication subkeys in gpg for SSH public key authentication
- SSH agent for sudo authentication
- Three locks for ssh door
- PAM SSH authentication
- Auto reverse ssh tunnels
- Jumphost tunnelling
- 2FA with gpg keys and YubiKey
- Create a CSR from a gpg key with openssl
- stunnel client auth
- Automatic SSL creation