maxgoedjen / secretive

Store SSH keys in the Secure Enclave
MIT License
7.24k stars 159 forks

(A very short) auth validity time (eg. for Ansible) #238

Closed ambis closed 3 years ago

ambis commented 3 years ago

Scenario:

When running ansible-playbook, Secretive will ask to auth (= tap Touch ID) key usage for each host. I have to tap Touch ID multiple times successively to auth every usage of the key for each server. Apple Watch stops asking for auths after 3 servers.

If Secretive had a way to configure (per key) for how many seconds/milliseconds the user auth is valid for consecutive usages for the key, that would allow ansible to ask auth once, and then for the next few seconds, it would get auths for all uses of the key automatically.

To clarify: once a server's usage of a key is auth'd, it won't ask again for the duration of ansible-playbook doing its thing.

maxgoedjen commented 3 years ago

@ambis unfortunately this is all controlled by the SEP itself, and I'm not aware of any way to configure this behavior. The best solution for this use case is probably a key that doesn't require authentication. If Apple ever exposes a way to configure this behavior, I plan on adding it.

maxgoedjen commented 3 years ago

Duping this out to #251, but I played around with this a little bit more today and might have a path forward (although it has some security implications I need to consider and that I'll discuss in that thread).
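For readers following the per-key validity window idea from the original request and the "path forward" hinted at above: the following is an added example, not Secretive's code and not something this thread confirms the project adopted. It assumes Apple's public LocalAuthentication and Security APIs as documented: an `LAContext` carries a `touchIDAuthenticationAllowableReuseDuration` (capped at `LATouchIDAuthenticationMaximumAllowableReuseDuration`, five minutes), and a Secure Enclave key fetched with that context attached via `kSecUseAuthenticationContext` reuses the last successful biometric check for that many seconds instead of prompting again. The key tag, the 30-second window and the message bytes are illustrative assumptions. It must run inside a signed macOS app on a Mac with a Secure Enclave; it is not exercised here.

```swift
import Foundation
import LocalAuthentication
import Security

// Added example (not Secretive's code). Assumed values for illustration only.
let keyTag = "example.secretive.reuse-window"   // assumption: any stable tag
let reuseWindowSeconds: TimeInterval = 30        // assumption: window we want to allow

// A context whose successful Touch ID check is reusable for `seconds`.
// Security caveat: anything that signs through this context inside the window
// gets a signature with no further user presence check, which is the
// trade-off the maintainer flags above.
func makeReusableContext(seconds: TimeInterval) -> LAContext {
    let ctx = LAContext()
    ctx.touchIDAuthenticationAllowableReuseDuration =
        min(seconds, LATouchIDAuthenticationMaximumAllowableReuseDuration)
    return ctx
}

// Create a P-256 key in the Secure Enclave whose private-key use requires the
// currently enrolled biometrics (a re-enrollment invalidates the key).
func createSecureEnclaveKey(tag: String) throws -> SecKey {
    var err: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet],
        &err) else { throw err!.takeRetainedValue() }

    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &err) else {
        throw err!.takeRetainedValue()
    }
    return key
}

// Fetch the private key reference with the reusable context attached; every
// operation on the returned SecKey is then authorised through that context.
func loadKey(tag: String, context: LAContext) throws -> SecKey {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrApplicationTag as String: Data(tag.utf8),
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecReturnRef as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let key = item else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
    }
    return key as! SecKey
}

func sign(_ message: Data, with key: SecKey) throws -> Data {
    var err: Unmanaged<CFError>?
    guard let sig = SecKeyCreateSignature(
        key, .ecdsaSignatureMessageX962SHA256, message as CFData, &err) else {
        throw err!.takeRetainedValue()
    }
    return sig as Data
}

// Usage: the first signature prompts for Touch ID; the second, issued within the
// window through the same context, is expected to complete without a new tap.
do {
    _ = try createSecureEnclaveKey(tag: keyTag)
    let ctx = makeReusableContext(seconds: reuseWindowSeconds)
    let key = try loadKey(tag: keyTag, context: ctx)
    let host1 = Data("ssh-challenge-for-host-1".utf8)   // constructed sample input
    let host2 = Data("ssh-challenge-for-host-2".utf8)   // constructed sample input
    let s1 = try sign(host1, with: key)   // Touch ID prompt here
    let s2 = try sign(host2, with: key)   // inside the window: no second prompt
    print("signatures: \(s1.count) and \(s2.count) bytes")
} catch {
    print("error: \(error)")
}
```

The check a practitioner wants before shipping something like this: the window is a property of the `LAContext`, not of the key, so an agent that keeps one context alive and hands out signatures on a socket turns a single tap into a time-boxed signing oracle for any local process that can reach the socket. Bounding the window tightly and tying the context to one client session is the minimum mitigation; that is the security implication the maintainer defers to #251.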