README.md at 2f485abf7316be9f68b60fbca38cca37b87d0ec7 · hauleth.dev/fuk

hauleth.dev / fuk

Fetch User Keys - simple tool for fetching SSH keys from various sources

fuk / README.md

at 2f485abf7316be9f68b60fbca38cca37b87d0ec7 2.0 kB view raw view rendered

 1<!--
 2SPDX-FileCopyrightText: 2024 Łukasz Niemier <#@hauleth.dev>
 3
 4SPDX-License-Identifier: EUPL-1.2
 5-->
 6
 7# FUK
 8
 9[![builds.sr.ht status](https://builds.sr.ht/~hauleth/fuk.svg)](https://builds.sr.ht/~hauleth/fuk?)
10
11> No one gives a fuk… so you need to take it yourself.
12
13**F**etch **U**ser **K**eys - simple tool for fetching SSH keys from various
14sources.
15
16## Sources
17
18- [x] Raw - no fetching, just raw key from the configuration
19- [x] Forges
20    + [x] GitHub
21    + [x] SourceHut
22    + [x] GitLab
23    + [x] Forgejo
24- [x] Host keys via `ssh-keyscan`
25
26## Reason
27
28In my case the reason was to be able to easily prepare set of SSH keys for use
29with [agenix][], tool for managing secrets while working with Nix deployments.
30However usage can be extended to other situations as well:
31
32- Managing `allowed_signers` to check SSH signatures under commits and stuff
33- Fetching `authorized_keys` to allow users to upload their keys without admin
34  manual intervention
35
36## Usage
37
38Define configuration file, for example `keys.toml` in form:
39
40```toml
41[[entry]]
42name = "hauleth"
43keys = [
44    { sourcehut = "~hauleth" },
45    { github = "hauleth" }
46]
47
48[[entry]]
49name = "heimdall"
50keys = [
51    { host = [ "heimdall" ] }
52]
53```
54
55Now you can run
56
57```sh
58fuk keys.toml > keys.json
59```
60
61And get JSON document containing all keys provided by these:
62
63```json
64{
65    "hauleth": [
66        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7q0wm7C+EX0ORpRxeyhvWTT2BMPjSRQIZmbzPLIiHC"
67    ],
68    "heimdall": [
69        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC36MGQHLsmS1aUtRYyC40lguLR4/sRXDxwT8ieSkGgLFc95xQ/7m8tIYmtCTwIMvN9gzJkW6ufbWfuX1iBYoWVVO/QdJz/5/Nl4ZofyfdFSk4ZYaWSOnMlY7vV9K0L0WsEEf1R3Erf42Ek051PcO8IeTtYTxkaugrBOPSVmzBOZu9osnJbatCsODe7uIWRU8jd5gmL7a9pmk9Q8nWDDXzu4bWd9Dg1M1d+rIY368J4LNOzknPZUkOcK1TpLkutB6bozvaeKSBNaqihA0un1VETArhiUmUY6a0y5e34PNLQjbl5UqHS5tmU5jmolDIJV2hF78+XrgaZf+CNoQ1Ac3QJ",
70        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZsoYDw74ez/2YLPZMDQgN/KxyGiXHZt+CowWMiyoyL"
71    ]
72}
73```