eritbh / 1password-ssh-utils Goto Github PK

Also probably split the key creation logic into its own function in common.sh and just keep the high-level logic in op-create-identity

We can identify whether identities have been pulled by checking for the existence of the ssh_config file. Make a wrapper that will run the add script only if that file doesn't exist yet, then calls ssh passing through arguments. Users would be able to use the wrapper by adding e.g. alias ssh="op-ssh" to their shell config.

This may not actually need a wrapper; an option could be added to the existing script to do nothing if keys have already been pulled, and it could be used as e.g. alias ssh="op-add-identities -z; ssh" assuming a similar alias structure is available across shells.

Rather than always putting keys and config in /dev/shm/op-ssh-config, we should instead name the folder something random and store that location as a symlink somewhere in the user's local directory (~/.local/tmp/1password-ssh-temp -> /dev/shm/tg4hn708v34hgofd or something like that, I need to figure out where the best place for it would be). This will support multi-user systems since each user won't be trying to store their keys in a directory someone else already owns.

I don't actually know what the intended use case of this folder is aside from "shared memory." I'm saying it's okay for now because I am kinda using it to share memory between this program and ssh...? but I don't buy it. It may be a better idea to just have users mount their own tmpfs partitions to be safe, but I don't know if that's a reasonable ask for every user since it requires root.

• Use a tag rather than relying on the "Server" template
• Allow reading SSH key details from any section
• If there's no fields with the proper internal names, fall back to checking for fields that are named the same as default

https://github.com/eritbh/1password-ssh-utils/blob/main/op-create-identity#L106-L107