hauleth.dev / fuk
Fetch User Keys - simple tool for fetching SSH keys from various sources
fork atom
fuk / README.md
at master 2.0 kB view raw view rendered
1<!-- 2SPDX-FileCopyrightText: 2024 Łukasz Niemier <#@hauleth.dev> 3 4SPDX-License-Identifier: EUPL-1.2 5--> 6 7# FUK 8 9[![builds.sr.ht status](https://builds.sr.ht/~hauleth/fuk.svg)](https://builds.sr.ht/~hauleth/fuk?) 10 11> No one gives a fuk… so you need to take it yourself. 12 13**F**etch **U**ser **K**eys - simple tool for fetching SSH keys from various 14sources. 15 16## Sources 17 18- [x] Raw - no fetching, just raw key from the configuration 19- [x] Forges 20 + [x] GitHub 21 + [x] SourceHut 22 + [x] GitLab 23 + [x] Forgejo 24- [x] Host keys via `ssh-keyscan` 25 26## Reason 27 28In my case the reason was to be able to easily prepare set of SSH keys for use 29with [agenix][], tool for managing secrets while working with Nix deployments. 30However usage can be extended to other situations as well: 31 32- Managing `allowed_signers` to check SSH signatures under commits and stuff 33- Fetching `authorized_keys` to allow users to upload their keys without admin 34 manual intervention 35 36## Usage 37 38Define configuration file, for example `keys.toml` in form: 39 40```toml 41[[entry]] 42name = "hauleth" 43keys = [ 44 { sourcehut = "~hauleth" }, 45 { github = "hauleth" } 46] 47 48[[entry]] 49name = "heimdall" 50keys = [ 51 { host = [ "heimdall" ] } 52] 53``` 54 55Now you can run 56 57```sh 58fuk keys.toml > keys.json 59``` 60 61And get JSON document containing all keys provided by these: 62 63```json 64{ 65 "hauleth": [ 66 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7q0wm7C+EX0ORpRxeyhvWTT2BMPjSRQIZmbzPLIiHC" 67 ], 68 "heimdall": [ 69 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC36MGQHLsmS1aUtRYyC40lguLR4/sRXDxwT8ieSkGgLFc95xQ/7m8tIYmtCTwIMvN9gzJkW6ufbWfuX1iBYoWVVO/QdJz/5/Nl4ZofyfdFSk4ZYaWSOnMlY7vV9K0L0WsEEf1R3Erf42Ek051PcO8IeTtYTxkaugrBOPSVmzBOZu9osnJbatCsODe7uIWRU8jd5gmL7a9pmk9Q8nWDDXzu4bWd9Dg1M1d+rIY368J4LNOzknPZUkOcK1TpLkutB6bozvaeKSBNaqihA0un1VETArhiUmUY6a0y5e34PNLQjbl5UqHS5tmU5jmolDIJV2hF78+XrgaZf+CNoQ1Ac3QJ", 70 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZsoYDw74ez/2YLPZMDQgN/KxyGiXHZt+CowWMiyoyL" 71 ] 72} 73```