Skip to content

Instantly share code, notes, and snippets.

@davidblewett
Last active December 12, 2021 11:12
Show Gist options
  • Star 21 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save davidblewett/53047c4c7757b663c11b to your computer and use it in GitHub Desktop.
Save davidblewett/53047c4c7757b663c11b to your computer and use it in GitHub Desktop.
Allow storage of SSH private keys in LastPass, and use lpass CLI to retrieve and load into ssh-agent. The general idea is to store the private key armored ASCII in an "SSH Key" Secure Note, in a specific folder (i.e.: "Secure Notes\SSH" ).
#!/bin/sh
#
# Import all SSH keys from LP
#
PREFIX=~
SSH_ASKPASS=$PREFIX/bin/lp-askpass.sh
export SSH_ASKPASS
# This is needed to force ssh-add to honor our SSH_ASKPASS.
DISPLAY=foo
export DISPLAY
CONTAINER="Secure Notes\SSH"
# For some reason, lpass ls includes the folder's ID
CONTAINER_ID=4532168026
for key_id in `lpass ls "${CONTAINER}" | grep -v $CONTAINER_ID | awk '{print substr($4, 0, length($4))}'`; do
KEY_ID=$key_id
export KEY_ID
# lpass currently doesn't have a way of displaying individual fields from
# an "SSH Key" Secure note. So here we grep everything but the final Notes field,
# that has the ASCII armor private key with a leading carriage return
# setsid is needed to force ssh-add to honor our SSH_ASKPASS.
$PREFIX/lpass show --notes $key_id | setsid ssh-add /dev/stdin
done
#!/bin/sh
PREFIX=~/bin
if [ -z "$KEY_ID" ]; then
exit 1
fi
$PREFIX/lpass show --field Passphrase $KEY_ID
@bcopeland
Copy link

Cool idea - here's my version for 0.5.0:

https://gist.github.com/bcopeland/3cabf6ff3fe94fcbd566

@bcopeland
Copy link

Also - would be good to know why it shows container id - could you post a snippet of your 'lpass ls' output?

@davidblewett
Copy link
Author

riva% lpass ls "Secure Notes\SSH"
Secure Notes\SSH
    ckb.privkey [id: 4535886926]
    id_rsa_csoc [id: 4535876406]
    id_rsa_cs [id: 4535866126]
    id_dsa [id: 4535830506]
    csoc-prod [id: 4532240616]
 [id: 4532168026]

riva% lpass ls "Secure Notes\SSH" | less
 [id: 4532168026]
Secure Notes\SSH/csoc-prod [id: 4532240616]
Secure Notes\SSH/id_dsa [id: 4535830506]
Secure Notes\SSH/id_rsa_cs [id: 4535866126]
Secure Notes\SSH/id_rsa_csoc [id: 4535876406]
Secure Notes\SSH/ckb.privkey [id: 4535886926]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment