This shows you the differences between two versions of the page.
osx:start [2019/05/22 15:10] robm [GPG with remote forwarding] |
osx:start [2019/05/23 09:33] robm [GPG with remote forwarding] |
||
---|---|---|---|
Line 905: | Line 905: | ||
====== GPG with remote forwarding ====== | ====== GPG with remote forwarding ====== | ||
+ | |||
+ | GPG Agent forwarding allows a remote system to access secrets held in your local system via an SSH tunnel. When you are not connected to the remote system, it cannot access your secrets, and if the remote system is compromised your secrets are not (since they are never stored on it). | ||
+ | |||
+ | My (initial) use-case is to allow docker on a remote host to store login my login credentials (so I can push/pull images when working), but not store secrets on that hose. THe default behaviour is to store my password in plain text, which is unacceptable. | ||
+ | |||
+ | So I opted to use [[https:// | ||
+ | |||
+ | So I want to use GPG agent forwarding to allow '' | ||
Overview (notes to follow, I hope): | Overview (notes to follow, I hope): |
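Review bot: The first added paragraph overstates the guarantee where it says "if the remote system is compromised your secrets are not". Forwarding keeps the key material off the remote host, but while the SSH session is open, any process on that host that can reach the forwarded agent socket can ask the local agent to perform operations with those keys. Suggest rewording to say that the secrets are never stored on the remote system and can only be used through the agent while you are connected, which also matches the preceding clause "When you are not connected to the remote system, it cannot access your secrets". Separately, the second added paragraph has typos worth fixing before this lands: "store login my login credentials", "that hose" (host), and "THe default behaviour".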