Open pjriot opened 7 years ago
Thanks for the suggestion. This is definitely a good idea. One option to accomplish this would be to extend the fwknop client to accept the entire ~/.fwknoprc file via stdin (or other file descriptor), and encrypt this file with gpg. Then, you could use 'gpg -d' to decrypt it and pass the output to fwknop. Until this is fully implemented, fwknop does support accepting the Rijndael key by itself via stdin. So, you could do something like:
$ gpg -d encrypted_spa_key.gpg | fwknop --stdin -D somehost -R -A tcp/22
Hey Michael,
Ah, I missed the --stdin flag - this is very helpful, thanks.
Accepting configuration via an fd (and thus allowing for a fully encrypted config) would be great!
Hi folks,
Tools like isync allow you to specify a command from which they will read your credentials (see PassCmd). This allows for encrypting a file containing your mail server password with gpg and having gpg-agent manage access to the key. It would be great to see a similar feature in fwknop.
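A PassCmd-style wrapper built on the `--stdin` pipeline from the reply above, as an added example that is not part of the original thread or of the fwknop project. It stops before sending anything if the key command fails or prints nothing, a case the bare pipeline does not check. The function name `spa_knock` and its argument order are hypothetical, only the fwknop flags shown in the thread are used, and the key is assumed to be a single line.

```shell
#!/bin/sh
# spa_knock PASS_CMD HOST [extra fwknop args...]
#
# PASS_CMD is a trusted command string (as with isync's PassCmd) that prints
# the Rijndael key on stdout, for example: 'gpg -d encrypted_spa_key.gpg'
#
# Example call, using the names from the thread:
#   spa_knock 'gpg -d encrypted_spa_key.gpg' somehost -R -A tcp/22
#
# The body runs in a subshell, so "exit" only leaves the function and the
# key variable never reaches the calling shell.
spa_knock() (
    if [ "$#" -lt 2 ]; then
        echo "usage: spa_knock PASS_CMD HOST [fwknop args...]" >&2
        exit 2
    fi
    pass_cmd=$1
    host=$2
    shift 2

    # Run the key command on its own and check its exit status. In a plain
    # "gpg -d ... | fwknop --stdin" pipeline the shell reports only fwknop's
    # status, so a failed decryption would hand fwknop an empty stdin.
    if ! key=$(eval "$pass_cmd"); then
        echo "spa_knock: key command failed, no SPA packet sent" >&2
        exit 1
    fi
    if [ -z "$key" ]; then
        echo "spa_knock: key command printed nothing, no SPA packet sent" >&2
        exit 1
    fi

    # printf is a shell builtin, so the key does not appear in any process
    # argument list. The newline stripped by $(...) is added back.
    printf '%s\n' "$key" | fwknop --stdin -D "$host" "$@"
)
```

Because `PASS_CMD` is passed to `eval`, it should come only from the user's own configuration, never from untrusted input.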