We can see that there are many tokens that exist in config files littered on people's computers. Whenever you use anything that requires authenticated usage, this ends up going into files like ~/.config/.... This includes SSH keys and GPG keys and GITHUB_TOKEN or cachix token or ~/.aws/credentials or ... etc.
Point is, how does one synchronize these secret locations with secrets that are inside Polykey?
At first glance this could mean that the secrets are stored in 2 places. Inside Polykey and inside the home directory. This is because programs like ssh continue to read privileged files (and even check the permissions of those files/directories) for these secrets.
We would like to improve the UX of this. Polykey should facilitate some form of synchronization between where the secret is ultimately stored. This is called the "Source of Truth". And where it has to be delivered to be used.
In some cases, while the secret is in use it cannot be changed without relaunching the entire "user" program. But often secrets like these must exist on disk somewhere to be loaded.
It gets more complicated when people are using things like ssh-key agent or gpg key agent to cache keys. And the keys themselves are also encrypted. One of the ways to deal with this is with custom integrations or plugins that expose Polykey as an underlying source for other kinds of programs expecting agents. Just like how gpg agent can masquerade as the ssh key agent. But this of course is more niche. A browser-based or OS keychain integration is likely to be more fruitful in the short run.
Created by @CMCDragonkai
Related to #169 or #170
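A sketch of the delivery step described in the issue, added here as an example and not taken from Polykey's code: the source-of-truth value is written to the path a program such as ssh reads, with owner-only permissions from creation and an atomic replace, and a check reports whether the on-disk copy has drifted. The function names `deliverSecret` and `checkDelivery` and the status strings are hypothetical.

```javascript
// Added example (Node.js); helper names are hypothetical, not Polykey's API.
const fs = require('fs');
const path = require('path');
const crypto = require('crypto');

// Write the source-of-truth value to the location where a program loads it.
function deliverSecret(target, secret) {
  const dir = path.dirname(target);
  // Creates missing parents as owner-only; existing directories are left as they are.
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  const suffix = crypto.randomBytes(6).toString('hex');
  const tmp = path.join(dir, `.${path.basename(target)}.${suffix}`);
  // 'wx' refuses to reuse an existing file; 0o600 applies from creation,
  // so the content is never readable by group or others, even briefly.
  fs.writeFileSync(tmp, secret, { mode: 0o600, flag: 'wx' });
  // rename() within one directory is atomic: readers see the old file or the new one.
  fs.renameSync(tmp, target);
}

// Compare the delivered copy with the source of truth.
function checkDelivery(target, secret) {
  let st;
  try {
    st = fs.lstatSync(target); // lstat: do not follow a symlink planted at the path
  } catch (e) {
    if (e.code === 'ENOENT') return 'missing';
    throw e;
  }
  if (!st.isFile()) return 'not-regular-file';
  // Any group/other bit set is the condition ssh-style permission checks reject.
  if ((st.mode & 0o077) !== 0) return 'permissions-too-open';
  const onDisk = fs.readFileSync(target);
  return onDisk.equals(Buffer.from(secret)) ? 'in-sync' : 'drifted';
}
```

After a rotation in the source of truth, `checkDelivery` returns `'drifted'` until `deliverSecret` is run again; a program that already loaded the old value still has to be relaunched, as the issue notes.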