Last active
June 8, 2023 15:44
1password SSH identity management helpers
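#!/bin/bash
# Loads every SSH private key stored in 1Password into the running ssh-agent.
# All command-line arguments are forwarded to `op signin`.
# Requires: op (with the `op list items` / `op get item` commands), jq, ssh-add.

echo "Signing into 1password..."
# `op signin` prints shell code that exports the session token. Capture it
# first so a failed sign-in stops the script instead of continuing without a
# session, and quote "$@" so arguments containing spaces survive intact.
signin_env="$(op signin "$@")" || {
  echo "op signin failed" >&2
  exit 1
}
eval "$signin_env"

# End the 1Password session on every exit path, not only the normal one.
signed_in=1
cleanup() {
  if [ -n "$signed_in" ]; then
    signed_in=""
    op signout
  fi
}
trap cleanup EXIT

# Collect the UUIDs of all items whose templateUuid is "110".
# NOTE(review): presumably the Server template - confirm.
# Reading line by line avoids the word splitting and glob expansion that an
# unquoted $(...) inside an array literal is subject to.
items=()
while IFS= read -r uuid; do
  [ -n "$uuid" ] && items+=("$uuid")
done < <(op list items | jq --raw-output '.[] | select(.templateUuid == "110") | .uuid')

for uuid in "${items[@]}"; do
  item_data="$(op get item "$uuid")" || {
    echo "Could not fetch item $uuid, skipping" >&2
    continue
  }
  # Pipes are used on purpose: bash may back a here-string with a temporary
  # file, which would put the key material on disk.
  private_key="$(printf '%s\n' "$item_data" | jq --raw-output '.details.sections[0].fields[] | select(.t == "ssh private key") | .v')"
  item_title="$(printf '%s\n' "$item_data" | jq --raw-output '.overview.title')"
  if [ -z "$private_key" ]; then
    # Without this guard ssh-add would be handed empty input.
    echo "Item $item_title has no ssh private key field, skipping" >&2
    continue
  fi
  echo "Adding key $item_title..."
  # The key goes to ssh-add over stdin, so it never appears in a process
  # argument list or in a file.
  printf '%s\n' "$private_key" | ssh-add -
done
# Drop the shell's copies of the secrets as soon as the agent holds the keys.
unset private_key item_data

echo "Cleaning up..."
cleanup
trap - EXIT
echo
echo "Done."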
#!/bin/bash | |
# Print the one-line usage summary for this script to stdout.
print_help() {
  printf '%s\n' "Usage: $0 -H <ssh connection url> [-n] [-k <private key>] [-t <title of new item>] [arguments to 'op signin'...]"
}
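# Ask the user whether the next step should run.
# Arguments: $* - description of the step, used as the prompt text
# Returns:   0 to continue (also for an empty answer), 1 to skip
# Exits:     on "abort", prints "Aborted" and exits the script with status 0
confirm() {
  # Keep the answer out of the global namespace.
  local answer
  while true; do
    # -r keeps backslashes in the answer literal. At end of input read fails
    # and leaves answer empty, which the first arm below treats as "continue".
    read -r -p "$* [(continue)/skip/abort]: " answer
    case "$answer" in
      [Cc] | continue | "")
        return 0
        ;;
      [Ss] | skip)
        return 1
        ;;
      [Aa] | abort)
        echo "Aborted"
        exit 0
        ;;
    esac
    # Any other answer falls through and the question is asked again.
  done
}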
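# Command-line option state; every option starts out empty.
OPTIND=1
ssh_host=""         # -H: ssh destination the key is created for (required)
title=""            # -t: title of the new 1password item
skip_ssh_copy_id="" # -n: non-empty means the ssh-copy-id step is skipped
key_file=""         # -k: existing private key to use instead of a new pair

while getopts "hH:nk:t:" opt; do
  case "$opt" in
    h)
      print_help
      exit 0
      ;;
    H)
      ssh_host="$OPTARG"
      ;;
    k)
      key_file="$OPTARG"
      ;;
    n)
      skip_ssh_copy_id="1"
      ;;
    t)
      title="$OPTARG"
      ;;
    *)
      # getopts has already printed its own diagnostic for an unknown option
      # or a missing argument. Stop here rather than carry on with a
      # half-parsed command line before key material is handled.
      print_help >&2
      exit 1
      ;;
  esac
done

# Whatever is left after the options is forwarded to `op signin` later on.
shift $((OPTIND - 1))
if [ "${1:-}" = "--" ]; then
  shift
fi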
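# Main flow: obtain a keypair, optionally store it in 1password, optionally
# install the public key on the remote, optionally load the key into ssh-agent.
if [ -z "$ssh_host" ]; then
  echo "Option -H is required" >&2
  print_help
  exit 1
fi

# State consulted by cleanup.
tmp_dir=""   # private directory holding a generated keypair, if any
signed_in="" # non-empty once this script has opened a 1password session

# Remove the generated key material and end the 1password session opened here.
# Installed as an EXIT trap so it also runs when the user aborts at a prompt
# or a step fails; otherwise an unencrypted private key would stay on disk.
# A keypair supplied with -k belongs to the user and is never deleted.
cleanup() {
  if [ -n "$tmp_dir" ]; then
    rm -rf -- "$tmp_dir"
    tmp_dir=""
  fi
  if [ -n "$signed_in" ]; then
    signed_in=""
    op signout
  fi
}
trap cleanup EXIT

if [ -z "$key_file" ]; then
  echo "Creating new keypair..."
  # The key is created without a passphrase (-N ""), so it is kept in a
  # directory from mktemp -d instead of a predictable file name in the
  # current directory.
  tmp_dir="$(mktemp -d)" || {
    echo "Could not create a temporary directory" >&2
    exit 1
  }
  priv_key_path="$tmp_dir/temp_id_rsa"
  pub_key_path="$priv_key_path.pub"
  # USERNAME is not set by every shell, so fall back to USER for the comment.
  ssh-keygen -f "$priv_key_path" -N "" \
    -C "${USERNAME:-${USER:-}}@${HOSTNAME:-} -> $ssh_host" -q || {
    echo "ssh-keygen failed" >&2
    exit 1
  }
elif [ -f "$key_file" ] && [ -f "$key_file.pub" ]; then
  echo "Using existing keypair $key_file and $key_file.pub"
  # Every later step reads these paths, so -k really selects the key in use.
  priv_key_path="$key_file"
  pub_key_path="$key_file.pub"
else
  echo "One of $key_file and $key_file.pub does not exist" >&2
  exit 1
fi

if confirm "Creating 1password item for keypair"; then
  echo "Signing into 1password..."
  # `op signin` prints shell code that exports the session token. Capture it
  # first so a failed sign-in stops the script, then evaluate it.
  signin_env="$(op signin "$@")" || exit 1
  eval "$signin_env"
  signed_in=1

  template="$(op get template Server)" || {
    echo "Could not fetch the Server template" >&2
    exit 1
  }
  # Reshape the template: keep only the first section, drop the username
  # field, put the host in the url field, turn the password field into the
  # private key, and append the public key as an extra field.
  item_data="$(
    printf '%s\n' "$template" | jq '
      del(.sections[1:]) |
      del(.sections[0].fields[] | select(.n == "username")) |
      (.sections[0].fields[] | select(.n == "url")) |= (
        . | .v |= $url
      ) |
      (.sections[0].fields[] | select(.n == "password")) |= (
        . | .t = "ssh private key" | .v = $private_key
      ) |
      .sections[0].fields += [{
        k: "string",
        t: "ssh public key",
        v: $public_key
      }]' \
      --arg url "$ssh_host" \
      --rawfile private_key "$priv_key_path" \
      --rawfile public_key "$pub_key_path"
  )" || {
    echo "Could not build the 1password item" >&2
    exit 1
  }

  # Show the item for review with the private key masked, so the secret does
  # not end up in terminal scrollback or a session log.
  printf '%s\n' "$item_data" |
    jq '(.sections[0].fields[] | select(.t == "ssh private key") | .v) = "[private key redacted]"'

  if confirm "Saving this new item in 1password"; then
    encoded_item_data="$(printf '%s\n' "$item_data" | op encode)" || {
      echo "op encode failed" >&2
      exit 1
    }
    # NOTE(review): the encoded item, which contains the private key, is
    # passed as a command-line argument and can therefore be seen in the
    # process list while op runs. Avoid running this on a shared host.
    op create item Server --title "${title:-$ssh_host}" "$encoded_item_data"
  fi
  unset item_data encoded_item_data
fi

if [ -z "$skip_ssh_copy_id" ]; then
  if confirm "Adding public key to remote"; then
    ssh-copy-id -i "$priv_key_path" "$ssh_host"
  fi
else
  echo "Skipping adding key to remote (-n set)"
fi

if confirm "Adding key to ssh-agent"; then
  ssh-add - <"$priv_key_path"
fi

echo "Cleaning up..."
cleanup
trap - EXIT
echo
echo "Done! To get your keys on another machine, use the accompanying add-identnties script."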