Diffstat (limited to '.local/bin/id-init')
-rwxr-xr-x | .local/bin/id-init | 38 |
1 files changed, 38 insertions, 0 deletions
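--- /dev/null
+++ b/.local/bin/id-init
@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# Initalizes various identity management programs
+#
+# Must be run with bash (or probably any other shell that is not narrowly posix-compliant)
+# to use here-string redirection
+#
+# This is a very short script but may require some explanation as to its purpose.
+#
+# I use both KeePassXC and pass for password management. This may seem redundant, and in some
+# aspects it probably is, but for me each program has a purpose that the other cannot fill
+# completely. Pass is great for programmatic access of passwords because of its use of
+# gpg-agent, and KeePassXC's integration with ssh-agent is very useful.
+#
+# This script first caches the passhphrase for the GPG key which allows further use of the
+# key without a prompt for a password - this of course applies to pass as well since it uses
+# the gpg key. KeePassXC is then opened, which also adds the SSH keys to the ssh-agent.
+#
+# KeePassXC, pass, gpg-agent, and ssh-agent are then all initialized and ready to be
+# used without any further user input, with just one set of credentials.
+
+
+# Cache passphrase for gpg key in gpg-agent which is stored in KeePassXC
+# Caching the GPG passphrase will allow access to pass without user input
+#
+# gpg-agent must be started with --allow-preset-passhprase or have it in the config file
+# gpg-preset-passphrase respects gpg-agent's --max-cache-ttl option which defaults to 2 hours
+# you may want to increase that if you want the password to be cached for the whole session
+
+KEYGRIP="$(gpg -K --with-keygrip --with-colons | grep grp | tail -n 1 | cut -d':' -f10)"
+/usr/lib/gnupg/gpg-preset-passphrase --preset $KEYGRIP \
+<<< "$(keepassxc-cli show $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx -a Password GPG)"
+
+# Open graphical KeePassXC with password stored in pass, now that pass can be accessed
+# without entering credentials for the GPG key
+# This will also add SSH keys to ssh-agent
+
+keepassxc $XDG_CONFIG_HOME/keepassxc/Passwords.kdbx --pw-stdin <<< "$(pass keepassxc)"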
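Review bot: Neither secret-handling step checks for failure or quotes its expansions. On new-file line 31 `$KEYGRIP` is unquoted and will be empty if `gpg -K` lists no key, and on lines 32 and 38 a failed `keepassxc-cli show` or `pass keepassxc` inside `$(...)` still feeds an empty here-string to the next program, because a failing command substitution in a redirection does not stop the script. I would add `set -euo pipefail` after the shebang, guard with `: "${KEYGRIP:?no keygrip found}"`, and pipe rather than use a here-string, e.g. `pass keepassxc | keepassxc "${XDG_CONFIG_HOME:-$HOME/.config}/keepassxc/Passwords.kdbx" --pw-stdin`. The pipe also matters because bash releases before 5.1 implement here-strings with a temporary file, so the passphrase is briefly written under `$TMPDIR`. Separately, `grep grp | tail -n 1` takes whichever keygrip is printed last, which may not belong to the key pass decrypts with, so that assumption deserves a comment.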