Last active
October 3, 2025 08:54
-
-
Save huynhbaoan/afdd49ba4604c9faba94c54adf108441 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### === Custom Dev Additions === ### | |
| # Ensure GPG agent runs and caches passphrase for 9 hours | |
| export GPG_TTY=$(tty) | |
| if command -v gpgconf >/dev/null 2>&1; then | |
| gpgconf --launch gpg-agent | |
| fi | |
| # SSH helper: sj <jumpbox> <p|d> <host> | |
| sj() { | |
| local jumpbox="$1" # jb1..jb5 | |
| local acct="$2" # p or d | |
| local host="$3" | |
| if [[ -z "$jumpbox" || -z "$acct" || -z "$host" ]]; then | |
| echo "Usage: sj <jb1..jb5> <p|d> <host>" | |
| return 1 | |
| fi | |
| # map jumpbox code to real FQDN/hostname | |
| case "$jumpbox" in | |
| jb1) jmp="jumpbox1.example.com" ;; | |
| jb2) jmp="jumpbox2.example.com" ;; | |
| jb3) jmp="jumpbox3.example.com" ;; | |
| jb4) jmp="jumpbox4.example.com" ;; | |
| jb5) jmp="jumpbox5.example.com" ;; | |
| *) echo "Unknown jumpbox: $jumpbox"; return 1 ;; | |
| esac | |
| # pick account | |
| if [[ "$acct" == "p" ]]; then | |
| user="puser" | |
| elif [[ "$acct" == "d" ]]; then | |
| user="duser" | |
| else | |
| echo "Account must be 'p' or 'd'" | |
| return 1 | |
| fi | |
| ssh -J "${user}@${jmp}" "${user}@${host}" | |
| } | |
| # Optional shortcuts if you mostly use jb1 | |
| alias sjp='sj jb1 p' | |
| alias sjd='sj jb1 d' | |
| ### --- GPG + password helpers --- ### | |
| # Path to your encrypted files (adjust as needed) | |
| KEYFILE_GPG=/secrets/keyfile.gpg | |
| PWFILE_GPG=/secrets/password.gpg | |
| TMP_KEY=/tmp/keyfile.bin | |
| # Decrypt keyfile once per day (cached by gpg-agent for 9h) | |
| alias unlockkey='gpg --decrypt "$KEYFILE_GPG" > "$TMP_KEY" && echo "๐ Key unlocked (cached)"' | |
| # Decrypt password with key and send to Mac clipboard for 30s | |
| pwclip() { | |
| gpg --batch --yes --quiet --pinentry-mode loopback \ | |
| --passphrase-file "$TMP_KEY" --decrypt "$PWFILE_GPG" \ | |
| | pbcopy | |
| echo "๐ Password copied to clipboard (30s)" | |
| (sleep 30; printf "" | pbcopy) & disown | |
| } | |
| ### === End Custom Dev Additions === ### | |
| # decrypt password and feed to sshpass+ssh | |
| gpg --batch --yes --quiet --pinentry-mode loopback \ | |
| --passphrase-file "$TMP_KEY" --decrypt "$PWFILE_GPG" \ | |
| | sshpass -f /dev/stdin ssh -o StrictHostKeyChecking=no -J "${user}@${jmp}" "${user}@${host}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment