search

fredjean / lockpick

Pulls public keys from github and drop them into a ~/.ssh/authorized_keys
MIT License
9 stars 2 forks source link

readme

Lockpick

Allowing SSH access to the members of a GitHub team.

lockpick bizcard

Overview

This script leverages GitHub's public key management as a tool to manage public ssh keys.

This makes the following assumptions:

  1. You trust the developers/individuals that have access to your code in GitHub to also have access to the servers running said code. You have much deeper problems if you dont...
  2. You trust that managing verified public key on GitHub is properly secure.
  3. The keys hosted on GitHub represent the identity of your developers and operations team.

Installation

lockpick is meant to be run as a script. You can either install it via Rubygems:

$ gem install lockpick

You may need to use sudo if you are installing against the system Ruby...

Or clone this repo:

$ git clone https://github.com/fredjean/lockpick.git

You will probably need to run bundle install if you choose that path...

Usage

lockpick is a simple script that uses the GitHub APIs to retrieve the list of verified, public ssh keys for the members of one or more teams.

All you need to do to run the lockpick script:

$ lockpick

You can also use cron to run it periodically. Adding the following line to your crontab:

5 * * * * /usr/local/rbenv/shims/lockpick

First Run

The script uses Ara's Main gem to run. It will open up an editor with a template configuration:

github:
  token: "github oauth token"
  org: myorg
  team_ids:
    - 123456
default_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyflVzdA6S6DUFs4FVID+AJ6xf6125crlB1BlacmPe+Zq25PgaVGPC9L4SlZqEkkK5NOZjhTGnoH6r33Bdb+vECh5rRxn0s37hZI1ayVtjUudaKTZD09JQSKq1q1NOno5NhOAivh1SSqwmFBpPzlo1N1YfW+HphPSkAfHgxP2bZUdvQJTK9l1WlQy2UaMEREL3G/0yfFUnOew3GfHU/B4oHYxjGN41Q/WBQ4pxSGMo5zYufKyrQqKFR+Zsdq6GN4QgwAJzS09EPZXADHyJoZ2wwJuQozQtlLxp2z5YhNTJqQVAJnswLWf/I5oKQV9wgqcQ9OfywUKynweHdPsDyXGpQ== dojo4@dojo4.com

It will then proceed to pull the keys from GitHub. The configuration is stored under ~/.lockpick/config.yml

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request