Closed halostatue closed 2 years ago
This could be solved by SecretAgent acting as a regular agent for keys it isn’t aware of (if possible) or by making it possible to import keys into SecretAgent. Until then, I think that I’m going to need to uninstall / disable Secretive 😞.
This is one more place where #4 would be useful.
Unfortunately for this purpose, as part of the design of the Secure Enclave, it's not possible to import or export keys, so ssh-add won't work (and isn't even implemented in the app).
I know the design of the Secure Enclave makes it impossible to import keys into the Secure Enclave, but this would not be importing keys into the Secure Enclave, rather just having the Secretive-provided ssh-agent also read and present normal disk-based ssh keys in addition to the keys that exist in the enclave/YubiKey.
The workaround today is to have another ssh-agent running in addition and point different hosts to different IdentityAgent's in the ssh-config file. But that is a bit clumsy.
It really would be cool if Secretive's agent would fall back to the disk-based keys.
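The two-agent workaround described in the comment above, sketched as an added example that is not from the thread or from the Secretive project. The host names and the socket path are placeholders (assumptions); `IdentityAgent`, its special value `SSH_AUTH_SOCK`, and `IdentitiesOnly` are standard `ssh_config` options.

```sshconfig
# ~/.ssh/config -- constructed example; hosts and socket path are placeholders.
# ssh uses the first value it finds for each option, so the specific
# Host blocks must come before the catch-all "Host *" block.

# Hosts whose keys live in the Secure Enclave / on a YubiKey:
# talk to Secretive's agent socket only.
Host enclave-host.example.com
    # Placeholder: use the socket path shown in Secretive's setup instructions.
    IdentityAgent /path/to/secretive/agent/socket

# Hosts that need disk-based keys or certificates loaded with ssh-add:
# the literal value SSH_AUTH_SOCK tells ssh to use the agent named by the
# SSH_AUTH_SOCK environment variable (the regular ssh-agent).
Host files-host.example.com
    IdentityAgent SSH_AUTH_SOCK

# Everything else: pick one default agent so no host is left ambiguous.
Host *
    IdentityAgent SSH_AUTH_SOCK
    # Offer only identities configured for the host (IdentityFile,
    # CertificateFile) instead of every key the agent holds.
    IdentitiesOnly yes
```

`ssh -G files-host.example.com` prints the effective `identityagent` value for a host, which is a quick check that the intended block matched.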
This would be a nice improvement to turn this into a bit more serious tool rather than just a toy.
Not being able to add ssh keys (from files) and certificates (for example from Step SSO) to the agent makes it extremely inconvenient in many scenarios, since practically no one wants to configure a different agent for each host.
As others pointed out already, we are talking about adding keys to the agent (memory), not the Secure Enclave (which is impossible).
For many reasons, I can’t fully switch to Secretive, but I like the approach it provides. Unfortunately, it doesn’t appear that the agent functionality provided by SecretAgent lets me add externally stored keys like the standard agent does.
Ideally, I would be able to do:
But I can’t even do: