SSH Login & Git Commit Signing
Goldwarden can store SSH keys in your Bitwarden and serve them directly via the ssh-agent protocol.
To get started, you need to configure your SSH_AUTH_SOCK environment variable to use Goldwarden's SSH socket:
export SSH_AUTH_SOCK=~/.goldwarden-ssh-agent.sock
On Windows, disable the OpenSSH service as described here: https://developer.1password.com/docs/ssh/get-started/#step-4-configure-your-ssh-or-git-client
Next, restart your Goldwarden daemon. That's it.
If Goldwarden is installed as a Flatpak, the socket is in the Flatpak data directory instead:
export SSH_AUTH_SOCK=~/.var/app/com.quexten.Goldwarden/data/ssh-auth-sock
Set this in your .bashrc or .zshrc file so that it is available whenever you use your terminal. This also works with other tools that use the SSH socket, such as VSCode.
To create an SSH key and store it in your vault, you can run:
goldwarden ssh add --name <name>
You can then list your SSH keys:
goldwarden ssh list
or
ssh-add -L
Internally, each key is stored as a Bitwarden secure note with the following custom fields:
custom-type: ssh-key
private-key: <contents of id_ed25519> (hidden field)
public-key: <contents of id_ed25519.pub>
You can use this to import existing keys. Password-protected keyfiles are currently not supported.
If you want to sign your git commits using an SSH key from your vault, you need to edit your ~/.gitconfig:
[user]
email = <your email>
name = <your name>
signingKey = <your public key>
[commit]
gpgsign = true
[gpg]
format = ssh
When you do a commit, Goldwarden will prompt you to verify (using system authentication or biometrics) and sign your git commit.
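Signing only works if the key named in signingKey is one the agent actually serves. The following added example (not part of Goldwarden or of the original page) parses OpenSSH public key lines, computes their SHA256 fingerprints, and checks a signingKey value against `ssh-add -L` output; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_pubkey(line):
    """Return (key_type, blob) for one OpenSSH public key line; comment ignored."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match encoded blob")
    return parts[0], blob


def fingerprint(blob):
    """SHA256 fingerprint in the format printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def served_by_agent(signing_key, ssh_add_output):
    """True if signing_key is among the keys listed by `ssh-add -L`."""
    wanted = parse_pubkey(signing_key)[1]
    for line in ssh_add_output.splitlines():
        try:
            if parse_pubkey(line)[1] == wanted:
                return True
        except ValueError:  # e.g. "The agent has no identities."
            continue
    return False


def make_sample_key(fill, comment):
    """Constructed sample: 32 repeated bytes in ed25519 layout, not a real key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


KEY_A = make_sample_key(1, "vault-key")   # stands in for the vault's public-key field
KEY_B = make_sample_key(2, "stale-key")   # a signingKey the agent does not hold
AGENT_OUTPUT = KEY_A + "\n"               # constructed `ssh-add -L` output

if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        print(fingerprint(parse_pubkey(key)[1]), served_by_agent(key, AGENT_OUTPUT))
```

In practice, pass the real output of `ssh-add -L` and the signingKey value from ~/.gitconfig; the comparison is on the key blob, so a differing or missing comment does not matter.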