All my system configs and packages in one repo
#!/usr/bin/env nix-shell
#!nix-shell -p nushell ssh-to-age -i nu

#==============================================================================
# SOPS w/ Age helper for retrieving my 1Password secret keys on the fly
#
# Because I am a very lazy person and don't like to watch out for the
# implications of storing my SSH keys on mobile devices that may hypothetically
# be seized at any second, I'm storing all my private keys with 1Password.
#
# Now, should you do this? For convenience, *maybe*? For maximum security?
# Definitely not. Go use a Yubikey or something. I'm just not a fan of
# keeping a metal dongle on my person this entire time. I'll probably just
# write out my master passphrase in my last will or something so people
# I trust can actually regain access to all my stuff in case something goes
# awry. Just in case.
#==============================================================================

# 1Password UUIDs of my private keys.
#
# I feel *somewhat* safe to make this globally visible since you do
# need to sign in with my 1Password account to actually access them,
# and if you ever get to that point, my security has already been defeated.
#
# All of these should be Ed25519.
#
# NOTE: Additions/deletions _MUST_ be synchronized with .sops.yaml!
let items = [
    # Main SSH key
    "bkk3jg6qjnwyymb6gjiopczlba"
]

# Make sure to sign in first.
# Does nothing if already signed in
^op signin

$items
    | par-each { |item|
        ^op read $"op://Development/($item)/private key?ssh-format=openssh"
            | ^ssh-to-age -private-key
    }
    | str join "\n"