Keymaster provides an easy way to upload your SSH keys to services like Github and Bitbucket. It's useful for authorizing machines from which you can't easily access a web browser or your LastPass account.
- You upload your public key to the web app using one of our clients (coming soon):
  - CLI
  - Eclipse plugin
  - IntelliJ plugin
  - GUI
- The client returns a short URL that can be accessed from any computer.
- You use the link to authenticate with Github and Bitbucket to install your key.
- After a short time, the link expires and your key disappears from the server. Privacy protected!
This repository is for setting up the Keymaster server. If you simply want to use the service as a client, you can visit our website or download the command line tool.
The app is written in Flask and connects to a Postgres database. Nginx is used as a proxy to serve static content and pass uWSGI requests on to Flask.
- Linux with systemd (for now)
- Python 2.7
- Postgres server with development headers
- Nginx
- libpcre3 and libpcre3-dev
- Bower
- Install dependencies
  - Install Python 2.7, headers, PCRE, Nginx, Postgres through your preferred package manager
  - `sudo pip install -r requirements.txt`
  - `bower install`
- Set up your database
  - Create a Postgres user and database for Keymaster
  - `psql -d <database> -U <user> -f db_init.sql`
- Configure uWSGI
  - Update paths, usernames, and groups in `daemon/keymaster.ini` and `daemon/keymaster.service`
  - Copy or symlink `daemon/keymaster.service` to `/etc/systemd/system/keymaster.service`
  - `sudo service keymaster start`
  - `sudo systemctl enable keymaster`
- Configure Nginx passthrough
  - Update paths in `daemon/keymaster.nginx`
  - Copy or symlink `daemon/keymaster.nginx` to `/etc/nginx/conf.d/keymaster`
  - `sudo service nginx restart`
- Copy `config.spec.py` to `config.py` and update the built-in settings.
- `POST /k` uploads a key to the site.
  - Form parameters: `public_key`: the text of the public key to upload.
  - Response: A URL to the "key installation" page.
- `GET /k/<key_id>/raw` fetches the raw text of a key.
- `POST /k/<key_id>/extend` extends the expiration of a key by 30 minutes.
- `POST /k/<key_id>/expire` immediately causes a key to expire.
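The `public_key` form parameter of `POST /k` is free text that ends up behind a shareable short URL, so a server or client can check that it is a single OpenSSH public key line (and not a pasted private key) before accepting it. The following is an added example, not code from the Keymaster repository; the function names, the allowed key types and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import re
import struct

# Key types accepted by this example (assumption; the page does not list any).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def validate_public_key(text):
    """Return (key_type, sha256_fingerprint) or raise ValueError."""
    text = text.strip()
    # A pasted private key must never be stored behind a shareable short URL.
    if "PRIVATE KEY" in text:
        raise ValueError("private key material submitted")
    if "\n" in text or "\r" in text:
        raise ValueError("expected exactly one key line")
    parts = text.split(None, 2)  # type, base64 blob, optional comment
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("unsupported or missing key type")
    key_type, b64 = parts[0], parts[1]
    if len(b64) % 4 or not B64_RE.match(b64):
        raise ValueError("key blob is not valid base64")
    blob = base64.b64decode(b64)
    # The blob starts with a 4-byte big-endian length and the type name again;
    # it must agree with the text prefix.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fp = base64.b64encode(digest).decode("ascii").rstrip("=")
    return key_type, "SHA256:" + fp


def make_sample_key(inner=b"ssh-ed25519", outer="ssh-ed25519"):
    """Build a constructed (not real) key line for demonstration."""
    blob = struct.pack(">I", len(inner)) + inner
    blob += struct.pack(">I", 32) + bytes(bytearray(range(32)))
    return outer + " " + base64.b64encode(blob).decode("ascii") + " demo@example"


if __name__ == "__main__":
    print(validate_public_key(make_sample_key()))
```

The returned fingerprint can be shown on the "key installation" page so the user can compare it with the output of `ssh-keygen -lf` on the originating machine before authorizing the key.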
Extend the `Connector` object. Implement the `start_key_install` and `finish_key_install` functions to start the OAuth flow, pass the key along, and install it. The `name` and `logo` properties define the UI and branding for the service.