@eritbh
Last active June 8, 2023 15:44
1password SSH identity management helpers
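#!/bin/bash
# Load the SSH private keys stored in 1password into the running ssh-agent.
#
# Usage:    <this script> [arguments to 'op signin'...]
# Requires: op (1password CLI), jq, ssh-add and a reachable ssh-agent.
#
# Key material is only ever held in shell variables and piped to ssh-add;
# nothing is written to disk.

echo "Signing into 1password..."
# 'op signin' prints shell code that exports the session token. Quoting the
# substitution keeps that output intact, and a failed sign-in is turned into
# 'exit 1' so the script stops instead of running every later command
# unauthenticated.
eval "$(op signin "$@" || echo 'exit 1')"

# Collect the uuids of all items with templateUuid "110" (presumably the
# "Server" template - confirm against your vault). Read line by line rather
# than word-splitting the command output.
items=()
while IFS= read -r uuid; do
  if [ -n "$uuid" ]; then
    items+=("$uuid")
  fi
done < <(op list items | jq '.[] | select(.templateUuid == "110") | .uuid' --raw-output)

for uuid in "${items[@]}"; do
  item_data="$(op get item "$uuid")"
  private_key="$(printf '%s\n' "$item_data" | jq '.details.sections[0].fields[] | select(.t == "ssh private key") | .v' --raw-output)"
  item_title="$(printf '%s\n' "$item_data" | jq '.overview.title' --raw-output)"

  # Items without an "ssh private key" field yield nothing (or "null");
  # skip them instead of feeding an empty key to ssh-add.
  if [ -z "$private_key" ] || [ "$private_key" = "null" ]; then
    echo "Skipping $item_title: no ssh private key field" >&2
    continue
  fi

  echo "Adding key $item_title..."
  # printf is a shell builtin, so the key goes straight down the pipe and
  # never appears in another process's argument list.
  printf '%s\n' "$private_key" | ssh-add -
done

echo "Cleaning up..."
op signout
echo
echo "Done."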
#!/bin/bash
# Print the one-line usage summary for this script to stdout.
print_help() {
  printf '%s\n' "Usage: $0 -H <ssh connection url> [-n] [-k <private key>] [-t <title of new item>] [arguments to 'op signin'...]"
}
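# Ask the user how to proceed with the step described by the arguments.
# Arguments: $* - description of the step, shown in the prompt
# Returns:   0 for "continue" (c, continue, or an empty line), 1 for "skip"
# Exits:     0 on an explicit "abort" answer;
#            1 when standard input ends before any answer was given
function confirm {
  local answer
  while true; do
    # -r keeps backslashes literal. If input is exhausted with nothing read,
    # stop: treating end-of-input as an empty answer would silently approve
    # every remaining step when the script runs without a terminal.
    if ! read -r -p "$* [(continue)/skip/abort]: " answer && [ -z "$answer" ]; then
      echo "No answer available on standard input; aborting" >&2
      exit 1
    fi
    case "$answer" in
      [Cc] | continue | "")
        return 0
        ;;
      [Ss] | skip)
        return 1
        ;;
      [Aa] | abort)
        echo "Aborted"
        exit 0
        ;;
    esac
    # Any other answer: ask again.
  done
}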
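# Parse this script's own options; whatever remains afterwards is passed on
# to 'op signin' later in the script.
OPTIND=1
ssh_host=""          # -H: ssh destination the key is for (required)
title=""             # -t: title of the new 1password item
skip_ssh_copy_id=""  # -n: non-empty means do not install the key remotely
key_file=""          # -k: existing private key to use instead of a new one
while getopts "hH:nk:t:" opt; do
  case "$opt" in
    h)
      print_help
      exit 0
      ;;
    H)
      ssh_host="$OPTARG"
      ;;
    k)
      key_file="$OPTARG"
      ;;
    n)
      skip_ssh_copy_id="1"
      ;;
    t)
      title="$OPTARG"
      ;;
    *)
      # Unknown option or missing argument: getopts has already printed a
      # diagnostic. Stop rather than continue with a half-parsed command line.
      print_help >&2
      exit 1
      ;;
  esac
done
shift $((OPTIND-1))
if [ "${1:-}" = "--" ]; then
  shift
fi

# Quoted so that a value containing whitespace is still tested as one word.
if [ -z "$ssh_host" ]; then
  echo "Option -H is required" >&2
  print_help >&2
  exit 1
fi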
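# Directory holding a freshly generated keypair; stays empty when -k is used.
tmp_dir=""
# Non-empty once 'op signin' has run, so cleanup knows a session is open.
signed_in=""

# Delete generated key material and end the 1password session. Installed as
# an EXIT trap so that "abort" answers and failed commands do not leave an
# unencrypted private key on disk or a signed-in session behind.
cleanup() {
  if [ -n "$tmp_dir" ]; then
    rm -rf -- "$tmp_dir"
    tmp_dir=""
  fi
  if [ -n "$signed_in" ]; then
    op signout
    signed_in=""
  fi
}
trap cleanup EXIT

if [ -z "$key_file" ]; then
  echo "Creating new keypair..."
  # The key is created without a passphrase (-N ""), so keep it in a private
  # mktemp directory instead of a predictable file in the current directory.
  tmp_dir="$(mktemp -d)" || {
    echo "Could not create a temporary directory" >&2
    exit 1
  }
  private_key_file="$tmp_dir/temp_id_rsa"
  # USERNAME is not set in every environment; fall back to USER for the
  # key comment.
  ssh-keygen -f "$private_key_file" -N "" -C "${USERNAME:-${USER:-}}@$HOSTNAME -> $ssh_host" -q || exit 1
else
  if [ -f "$key_file" ] && [ -f "$key_file.pub" ]; then
    echo "Using existing keypair $key_file and $key_file.pub"
  else
    echo "One of $key_file and $key_file.pub does not exist" >&2
    exit 1
  fi
  # Use the keypair given with -k for every later step. It belongs to the
  # user and is never deleted by cleanup.
  private_key_file="$key_file"
fi
public_key_file="$private_key_file.pub"

if confirm "Creating 1password item for keypair"; then
  echo "Signing into 1password..."
  # 'op signin' prints shell code that exports the session token; a failed
  # sign-in is turned into 'exit 1'.
  eval "$(op signin "$@" || echo 'exit 1')"
  signed_in="1"

  # Start from the Server template: keep only the first section, drop the
  # username field, store the host in "url", turn the "password" field into
  # the private key and append the public key.
  template="$(op get template Server)"
  item_data="$(printf '%s\n' "$template" | jq '
    del(.sections[1:]) |
    del(.sections[0].fields[] | select(.n == "username")) |
    (.sections[0].fields[] | select(.n == "url")) |= (
      . | .v |= $url
    ) |
    (.sections[0].fields[] | select(.n == "password")) |= (
      . | .t = "ssh private key" | .v = $private_key
    ) |
    .sections[0].fields += [{
      k: "string",
      t: "ssh public key",
      v: $public_key
    }]' \
    --arg url "$ssh_host" \
    --rawfile private_key "$private_key_file" \
    --rawfile public_key "$public_key_file"
  )"
  if [ -z "$item_data" ]; then
    echo "Could not build the 1password item" >&2
    exit 1
  fi

  # Show the item for review with the private key value masked, so the key
  # does not end up in terminal scrollback or a recorded session.
  printf '%s\n' "$item_data" \
    | jq '(.sections[0].fields[] | select(.t == "ssh private key") | .v) = "<hidden>"'

  if confirm "Saving this new item in 1password"; then
    encoded_item_data="$(printf '%s\n' "$item_data" | op encode)"
    # NOTE(review): the encoded item contains the private key and is passed
    # as a command-line argument, so it may be visible in the process list
    # while op runs. Check whether your op version can take it another way.
    op create item Server --title "${title:-$ssh_host}" "$encoded_item_data"
  fi
fi

if [ -z "$skip_ssh_copy_id" ]; then
  if confirm "Adding public key to remote"; then
    ssh-copy-id -i "$private_key_file" "$ssh_host"
  fi
else
  echo "Skipping adding key to remote (-n set)"
fi

if confirm "Adding key to ssh-agent"; then
  ssh-add - < "$private_key_file"
fi

echo "Cleaning up..."
cleanup
trap - EXIT
echo
echo "Done! To get your keys on another machine, use the accompanying add-identnties script."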