-
-
Save YourFriendCaspian/1f2606683e84863940fd35f31428a147 to your computer and use it in GitHub Desktop.
Allow storage of SSH private keys in LastPass, and use lpass CLI to retrieve and load into ssh-agent. The general idea is to store the private key armored ASCII in an "SSH Key" Secure Note, in a specific folder (i.e.: "Secure Notes\SSH" ).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # Import all SSH keys from LP | |
| # | |
| PREFIX=~ | |
| SSH_ASKPASS=$PREFIX/bin/lp-askpass.sh | |
| export SSH_ASKPASS | |
| # This is needed to force ssh-add to honor our SSH_ASKPASS. | |
| DISPLAY=foo | |
| export DISPLAY | |
| CONTAINER="Secure Notes\SSH" | |
| # For some reason, lpass ls includes the folder's ID | |
| CONTAINER_ID=4532168026 | |
| for key_id in `lpass ls "${CONTAINER}" | grep -v $CONTAINER_ID | awk '{print substr($4, 0, length($4))}'`; do | |
| KEY_ID=$key_id | |
| export KEY_ID | |
| # lpass currently doesn't have a way of displaying individual fields from | |
| # an "SSH Key" Secure note. So here we grep everything but the final Notes field, | |
| # that has the ASCII armor private key with a leading carriage return | |
| # setsid is needed to force ssh-add to honor our SSH_ASKPASS. | |
| $PREFIX/lpass show --notes $key_id | setsid ssh-add /dev/stdin | |
| done |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| PREFIX=~/bin | |
| if [ -z "$KEY_ID" ]; then | |
| exit 1 | |
| fi | |
| $PREFIX/lpass show --field Passphrase $KEY_ID |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment