osx:start

Differences

This shows you the differences between two versions of the page.

osx:start [2019/05/23 09:33]
robm [GPG with remote forwarding]
osx:start [2019/05/23 09:33]
robm [GPG with remote forwarding]
Line 910: Line 910:
 My (initial) use-case is to allow docker on a remote host to store login my login credentials (so I can push/pull images when working), but not store secrets on that hose. THe default behaviour is to store my password in plain text, which is unacceptable. My (initial) use-case is to allow docker on a remote host to store login my login credentials (so I can push/pull images when working), but not store secrets on that hose. THe default behaviour is to store my password in plain text, which is unacceptable.
  
-So I opted to use [[docker credentials management|https://docs.docker.com/engine/reference/commandline/login/#credentials-store]] and [[https://www.passwordstore.org/|pass]]. The ''pass'' tool uses GPG to encrypt and decrypt passwords. If I use GPG the traditional way (with secret keys in my $HOME directory) I've not gained any security: the encrypted password and and the decryption key are on the same host!+So I opted to use [[https://docs.docker.com/engine/reference/commandline/login/#credentials-store|docker credentials management]] and [[https://www.passwordstore.org/|pass]]. The ''pass'' tool uses GPG to encrypt and decrypt passwords. If I use GPG the traditional way (with secret keys in my $HOME directory) I've not gained any security: the encrypted password and and the decryption key are on the same host!
  
 So I want to use GPG agent forwarding to allow ''pass'' to decrypt secrets while I am connected and working, without the decryptions keys ever leaving my laptop. So I want to use GPG agent forwarding to allow ''pass'' to decrypt secrets while I am connected and working, without the decryptions keys ever leaving my laptop.
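
Review bot: the added line still carries the doubled "and and" in "the encrypted password and and the decryption key", so the typo survives this revision; since the line is already being rewritten to put the docker link into URL|label order (matching the pass link next to it), drop the extra "and" in the same edit. The unchanged context around it also reads "on that hose" (host), "THe default behaviour", "store login my login credentials" and "the decryptions keys", which are worth cleaning up in the same pass because they sit in the paragraph that states the security rationale (ciphertext and decryption key must not be on the same host).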
osx/start.txt · Last modified: 2022/05/13 13:19 by robm