hauleth.dev / fuk
Fetch User Keys - simple tool for fetching SSH keys from various sources
fork atom
TOML 50.0%
YAML 50.0%
27 1 0

Clone this repository

https://tangled.org/hauleth.dev/fuk
git@knot.hauleth.dev:hauleth.dev/fuk

For self-hosted knots, clone URLs may differ based on your setup.

Download tar.gz
README.md

FUK#

builds.sr.ht status

No one gives a fuk… so you need to take it yourself.

Fetch User Keys - simple tool for fetching SSH keys from various sources.

Sources#

  • Raw - no fetching, just raw key from the configuration
  • Forges
    • GitHub
    • SourceHut
    • GitLab
    • Forgejo
  • Host keys via ssh-keyscan

Reason#

In my case the reason was to be able to easily prepare set of SSH keys for use with [agenix][], tool for managing secrets while working with Nix deployments. However usage can be extended to other situations as well:

  • Managing allowed_signers to check SSH signatures under commits and stuff
  • Fetching authorized_keys to allow users to upload their keys without admin manual intervention

Usage#

Define configuration file, for example keys.toml in form:

[[entry]]
name = "hauleth"
keys = [
    { sourcehut = "~hauleth" },
    { github = "hauleth" }
]

[[entry]]
name = "heimdall"
keys = [
    { host = [ "heimdall" ] }
]

Now you can run

fuk keys.toml > keys.json

And get JSON document containing all keys provided by these:

{
    "hauleth": [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7q0wm7C+EX0ORpRxeyhvWTT2BMPjSRQIZmbzPLIiHC"
    ],
    "heimdall": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC36MGQHLsmS1aUtRYyC40lguLR4/sRXDxwT8ieSkGgLFc95xQ/7m8tIYmtCTwIMvN9gzJkW6ufbWfuX1iBYoWVVO/QdJz/5/Nl4ZofyfdFSk4ZYaWSOnMlY7vV9K0L0WsEEf1R3Erf42Ek051PcO8IeTtYTxkaugrBOPSVmzBOZu9osnJbatCsODe7uIWRU8jd5gmL7a9pmk9Q8nWDDXzu4bWd9Dg1M1d+rIY368J4LNOzknPZUkOcK1TpLkutB6bozvaeKSBNaqihA0un1VETArhiUmUY6a0y5e34PNLQjbl5UqHS5tmU5jmolDIJV2hF78+XrgaZf+CNoQ1Ac3QJ",
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZsoYDw74ez/2YLPZMDQgN/KxyGiXHZt+CowWMiyoyL"
    ]
}