Changed the keepass db to sops in add_new_key script
@@ -95,3 +95,10 @@ creation_rules:
|
|||||||
- *admin_kalipso_dsktp
|
- *admin_kalipso_dsktp
|
||||||
age:
|
age:
|
||||||
- *admin_atlan
|
- *admin_atlan
|
||||||
|
- path_regex: secrets/keys/itag/.*/.*
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *admin_kalipso
|
||||||
|
- *admin_kalipso_dsktp
|
||||||
|
age:
|
||||||
|
- *admin_atlan
|
||||||
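Review bot: The new `path_regex: secrets/keys/itag/.*/.*` rule is unanchored and uses unescaped `.`, so it matches any path that merely contains that substring at any depth, not just `secrets/keys/itag/<host>/<file>`; since sops applies the first matching creation rule, a loose pattern here can capture files meant for another rule. If the intent is exactly one host directory with one file in it, as the add_new_key script writes, `path_regex: ^secrets/keys/itag/[^/]+/[^/]+$` states that precisely. The surrounding `creation_rules:` list starts above the hunk, so I cannot see whether an earlier, broader rule would already shadow this one.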
@@ -1,7 +1,5 @@
|
|||||||
set -o errexit
|
set -o errexit
|
||||||
set -o pipefail
|
#set -o pipefail
|
||||||
|
|
||||||
dbpath="./machines/secrets/keys/itag.kdbx"
|
|
||||||
|
|
||||||
if [ ! -e flake.nix ]
|
if [ ! -e flake.nix ]
|
||||||
then
|
then
|
||||||
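Review bot: Commenting out `set -o pipefail` silently hides failures in every pipeline the rewritten script now relies on, including the `tr ... < /dev/urandom | head -c 20 > encryption.txt` line that produces the secret and the `md5sum | sed` line; with errexit still on but pipefail off, a failing first stage leaves an empty or partial `encryption.txt` that is then encrypted and committed. The likely reason for disabling it is that `tr` reading `/dev/urandom` is killed by SIGPIPE once `head` exits, which pipefail reports as an error; reading a bounded amount first avoids that, e.g. `head -c 512 /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 20 > encryption.txt`, so `set -o pipefail` can stay enabled. The `if [ ! -e flake.nix ]` block at the end of this hunk continues outside it.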
@@ -18,61 +16,32 @@ if [ ! -e flake.nix ]
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$1" = "list" ]; then
|
read -p "Enter new host name: " host
|
||||||
read -sp "Enter password for keepassxc: " pw
|
|
||||||
echo "$pw" | keepassxc-cli ls -R $dbpath hosts
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
elif [ "$1" = "add" ]; then
|
if [ "$host" = "" ]; then exit 0
|
||||||
read -p "Enter new host name: " host
|
|
||||||
read -sp "Enter password for keepassxc: " pw
|
|
||||||
|
|
||||||
# Create a temporary directory
|
|
||||||
temp=$(mktemp -d)
|
|
||||||
|
|
||||||
# Function to cleanup temporary directory on exit
|
|
||||||
cleanup() {
|
|
||||||
rm -rf "$temp"
|
|
||||||
}
|
|
||||||
trap cleanup EXIT
|
|
||||||
|
|
||||||
# Generate SSH keys
|
|
||||||
ssh-keygen -f $temp/"$host" -t ed25519 -N ""
|
|
||||||
ssh-keygen -f $temp/"$host"-init -t ed25519 -N ""
|
|
||||||
|
|
||||||
ls $temp
|
|
||||||
|
|
||||||
# add folder
|
|
||||||
echo "$pw" | keepassxc-cli mkdir $dbpath hosts/$host
|
|
||||||
|
|
||||||
# add entries
|
|
||||||
echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey
|
|
||||||
echo "$pw" | keepassxc-cli add $dbpath hosts/$host/sshkey-init
|
|
||||||
echo "$pw" | keepassxc-cli add -glUn -L 20 $dbpath hosts/$host/encryption
|
|
||||||
|
|
||||||
# Import keys
|
|
||||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey private "$temp/$host"
|
|
||||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey public "$temp/$host.pub"
|
|
||||||
|
|
||||||
# Import init keys
|
|
||||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init private "$temp/$host-init"
|
|
||||||
echo "$pw" | keepassxc-cli attachment-import $dbpath hosts/$host/sshkey-init public "$temp/$host-init.pub"
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Info
|
|
||||||
echo
|
|
||||||
echo "Hier ist der age public key für sops etc:"
|
|
||||||
echo "$(ssh-to-age -i $temp/$host.pub)"
|
|
||||||
echo
|
|
||||||
echo "Hier ist eine reproduzierbare mac-addresse:"
|
|
||||||
echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
else
|
|
||||||
echo
|
|
||||||
echo "Add a new host to the DB and generate ssh keys and encryption key."
|
|
||||||
echo "Usage: $0 [list|add]"
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
mkdir -p machines/secrets/keys/itag/$host
|
||||||
|
cd machines/secrets/keys/itag/$host
|
||||||
|
|
||||||
|
# Generate SSH keys
|
||||||
|
ssh-keygen -f "$host" -t ed25519 -N ""
|
||||||
|
ssh-keygen -f "$host"-init -t ed25519 -N ""
|
||||||
|
|
||||||
|
#encrypt the private keys
|
||||||
|
sops -e -i ./"$host"
|
||||||
|
sops -e -i ./"$host"-init
|
||||||
|
|
||||||
|
#generate encryption key
|
||||||
|
tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > encryption.txt
|
||||||
|
sops -e -i ./encryption.txt
|
||||||
|
|
||||||
|
# Info
|
||||||
|
echo
|
||||||
|
echo "Hier ist der age public key für sops etc:"
|
||||||
|
echo "$(ssh-to-age -i ./$host.pub)"
|
||||||
|
echo
|
||||||
|
echo "Hier ist eine reproduzierbare mac-addresse:"
|
||||||
|
echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
|
||||||
|
|
||||||
|
exit 0
|
||||||
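Review bot: The new `add` path writes the plaintext ed25519 private keys and `encryption.txt` directly into the repository working tree and only afterwards runs `sops -e -i` on them, and the previous `mktemp -d` plus `trap cleanup EXIT` that guaranteed plaintext removal was dropped in this commit; if ssh-keygen succeeds but any `sops -e -i` call fails (errexit exits immediately), unencrypted private keys remain under `machines/secrets/keys/itag/$host`, ready to be committed. A small cleanup trap that removes the plaintext files unless encryption completed restores the old guarantee, shown below. Separately, `host` comes from an unvalidated `read -p` (no `-r`) and is used unquoted as a path component in `mkdir -p machines/secrets/keys/itag/$host` and `cd machines/secrets/keys/itag/$host`, so a value containing spaces, `/` or `..` changes where the keys land; a guard such as `[[ "$host" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid host name" >&2; exit 1; }` right after the empty check, plus quoting `"$host"` in those two lines and in `ssh-to-age -i ./$host.pub`, closes that. The `echo "$(ssh-to-age -i ./$host.pub)"` can simply be `ssh-to-age -i "./$host.pub"`.
```shell
cd "machines/secrets/keys/itag/$host"
# Plaintext private keys sit in the working tree until sops -e -i replaces them;
# remove them on any exit unless encryption finished, so a failed run never
# leaves unencrypted key material in the repository.
encrypted=0
cleanup() { [ "$encrypted" = 1 ] || rm -f -- "$host" "$host"-init encryption.txt; }
trap cleanup EXIT
# … unchanged: ssh-keygen calls, sops -e -i on both keys, encryption.txt generation and sops -e -i …
encrypted=1
# … unchanged: info output …
```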