forked from kalipso/infrastructure
Changed the keepass db to sops in add_new_key script
This commit is contained in:
ahtlon
@@ -1,7 +1,5 @@
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
|
||||
dbpath="./machines/secrets/keys/itag.kdbx"
|
||||
#set -o pipefail
|
||||
|
||||
if [ ! -e flake.nix ]
|
||||
then
|
||||
@@ -18,61 +16,32 @@ if [ ! -e flake.nix ]
|
||||
done
|
||||
fi
|
||||
|
||||
if [ "$1" = "list" ]; then
|
||||
read -sp "Enter password for keepassxc: " pw
|
||||
echo "$pw" | keepassxc-cli ls -R $dbpath hosts
|
||||
exit 0
|
||||
|
||||
elif [ "$1" = "add" ]; then
|
||||
read -p "Enter new host name: " host
|
||||
read -sp "Enter password for keepassxc: " pw
|
||||
read -p "Enter new host name: " host
|
||||
|
||||
# Create a temporary directory
|
||||
temp=$(mktemp -d)
|
||||
if [ "$host" = "" ]; then exit 0
|
||||
fi
|
||||
|
||||
# Function to cleanup temporary directory on exit
|
||||
cleanup() {
|
||||
rm -rf "$temp"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
mkdir -p machines/secrets/keys/itag/$host
|
||||
cd machines/secrets/keys/itag/$host
|
||||
|
||||
# Generate SSH keys
|
||||
ssh-keygen -f $temp/"$host" -t ed25519 -N ""
|
||||
ssh-keygen -f $temp/"$host"-init -t ed25519 -N ""
|
||||
# Generate SSH keys
|
||||
ssh-keygen -f "$host" -t ed25519 -N ""
|
||||
ssh-keygen -f "$host"-init -t ed25519 -N ""
|
||||
|
||||
ls $temp
|
||||
#encrypt the private keys
|
||||
sops -e -i ./"$host"
|
||||
sops -e -i ./"$host"-init
|
||||
|
||||
# add folder
|
||||
echo "$pw" | keepassxc-cli mkdir $dbpath hosts/$host
|
||||
#generate encryption key
|
||||
tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > encryption.txt
|
||||
sops -e -i ./encryption.txt
|
||||
|
||||
# add entries
|
||||
echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey
|
||||
echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey-init
|
||||
echo "$pw" | keepassxc-cli add -glUn -L 20 $dbpath hosts/$host/encryption
|
||||
# Info
|
||||
echo
|
||||
echo "Hier ist der age public key für sops etc:"
|
||||
echo "$(ssh-to-age -i ./$host.pub)"
|
||||
echo
|
||||
echo "Hier ist eine reproduzierbare mac-addresse:"
|
||||
echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
|
||||
|
||||
# Import keys
|
||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey private "$temp/$host"
|
||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey public "$temp/$host.pub"
|
||||
|
||||
# Import init keys
|
||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init private "$temp/$host-init"
|
||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init public "$temp/$host-init.pub"
|
||||
|
||||
|
||||
|
||||
# Info
|
||||
echo
|
||||
echo "Hier ist der age public key für sops etc:"
|
||||
echo "$(ssh-to-age -i $temp/$host.pub)"
|
||||
echo
|
||||
echo "Hier ist eine reproduzierbare mac-addresse:"
|
||||
echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
|
||||
|
||||
exit 0
|
||||
|
||||
else
|
||||
echo
|
||||
echo "Add a new host to the DB and generate ssh keys and encryption key."
|
||||
echo "Usage: $0 [list|add]"
|
||||
exit 1
|
||||
fi
|
||||
exit 0
|
||||
Reference in New Issue
Block a user