Unlock SSH keys using passphrases stored in KeePassXC database
#!/usr/bin/env bash
# Unlock ssh keys using passphrases stored in keepassxc database
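if [[ $# -lt 2 ]]; then
  # Usage is a diagnostic, so it goes to stderr; exit status 1 is kept for callers.
  printf 'Usage:\n%s KEEPASS_DB KEY_DIR\n' "${0##*/}" >&2
  exit 1
fi
# Some variables
kpdb="$1"
key_dir="$2"
# Path of the askpass helper: "<this script>-ask". ssh-add execs SSH_ASKPASS via a
# PATH lookup, so a bare name works when the helper is on PATH; otherwise it must
# sit next to this script (next to the symlink, if invoked through one).
askpass="$0-ask"
# Fail early: without a runnable helper every key would later be reported as
# "wrong pw", which is misleading.
if ! command -v "$askpass" >/dev/null 2>&1; then
  printf '%s\n' "askpass helper not found or not executable: $askpass" >&2
  exit 1
fi
c_red=$(tput setaf 1)
c_grn=$(tput setaf 2)
c_rst=$(tput sgr0)
# Ask for password
printf '%s\n' "Unlocking all ssh-keys..."
printf '%s' "Enter password: "
# -r keeps backslashes literal; IFS= keeps leading/trailing blanks; -s disables echo.
IFS= read -rs dbpw
printf '\n'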
#######################################
# Print a failure line for one key, coloured red.
# Globals:   c_red, c_rst (read)
# Arguments: $1 - message (key name plus reason)
# Outputs:   one line on stdout
#######################################
key_fail() {
  local msg=$1
  printf ' %s%s%s\n' "$c_red" "$msg" "$c_rst"
}
#######################################
# Print a success line for one key, coloured green.
# Globals:   c_grn, c_rst (read)
# Arguments: $1 - message (key name)
# Outputs:   one line on stdout
#######################################
key_success() {
  local msg=$1
  printf ' %s%s%s\n' "$c_grn" "$msg" "$c_rst"
}
# Trailing slash required for symlinks
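# Trailing slash required for symlinks (follows a symlinked key_dir).
# NOTE(review): -regex/-print0 are GNU find; the pattern matches basenames with
# no '.', which also picks up non-key files (config, known_hosts, ...) — those
# fail the keepass lookup and are reported as "no such entry".
# NUL-delimited iteration keeps filenames containing blanks or globs intact.
while IFS= read -r -d '' key_file; do
  # Skip unprotected keys (empty passphrase loads them).
  ssh-keygen -y -P "" -f "$key_file" &>/dev/null && continue
  # Short name, used as the keepass lookup term.
  key_name="${key_file##*/}"
  # Get keepass item; the DB password goes over stdin via a builtin, never argv.
  # `locate` is a substring search and prints one entry path per line.
  kpid=$(printf '%s\n' "$dbpw" | keepassxc-cli locate "$kpdb" "$key_name" 2>/dev/null)
  if [[ -z "$kpid" ]]; then
    key_fail "$key_name (no such entry)"
    continue
  fi
  # Several matches cannot be resolved to one entry; previously this surfaced as
  # a misleading "wrong pw" because the multi-line id was passed to `show`.
  if [[ "$kpid" == *$'\n'* ]]; then
    key_fail "$key_name (ambiguous entry)"
    continue
  fi
  # Get item's password
  key_pw=$(printf '%s\n' "$dbpw" | keepassxc-cli show "$kpdb" "$kpid" -a password 2>/dev/null)
  # Use password to unlock key. ssh-add only consults SSH_ASKPASS when stdin is
  # not a terminal (the here-string guarantees that) and DISPLAY is set;
  # SSH_ASKPASS_REQUIRE=force (OpenSSH 8.4+) makes it work headless as well and
  # is ignored by older releases.
  if SSH_ASKPASS="$askpass" SSH_ASKPASS_REQUIRE=force \
      ssh-add "$key_file" <<< "$key_pw" 2>/dev/null; then
    key_success "$key_name"
  else
    key_fail "$key_name (wrong pw)"
  fi
  unset key_pw
done < <(find "$key_dir/" -type f -regex '.+/[^.]+' -print0)
unset dbpw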
#!/usr/bin/env bash
# Helper script for using ssh-add
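# ssh-add runs this as SSH_ASKPASS and reads the passphrase from its stdout; the
# parent script supplies it on stdin. IFS= keeps leading/trailing blanks, -r keeps
# backslashes, and printf avoids echo mangling values such as "-n" or "-e".
IFS= read -rs secret
printf '%s\n' "$secret"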