notaryproject / notary

Notary is a project that allows anyone to have trust over arbitrary collections of data
Apache License 2.0

integrate with ssh-agent #758

Open andrewhsu opened 8 years ago

andrewhsu commented 8 years ago

Currently, the private keys used to sign images are on the disk as a file somewhere under ~/.docker/trust. Would be nice to leverage ssh-agent for accessing the keys. This would allow a docker push operation to proceed without prompting the user for the passphrase to access the private keys.

Some technical notes related to the topic:

cyli commented 8 years ago

Also related, docker recently merged external credential stores for storing passwords: https://github.com/docker/docker/pull/20107/

I'm not sure this actually stores private key material but possibly key passwords can be kept in these external stores as well.

endophage commented 8 years ago

Not sure if the ssh agent is the right thing here but something like a gpg agent integration might be. SSH runs the risk of key enumeration by remote servers which might be relevant if somebody is using private repositories (public notary repositories enable all public keys to be discovered via the notary metadata).

https://blog.filippo.io/ssh-whoami-filippo-io/
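To make the proposal and the objection above concrete, here is an added example (not Notary code, and not from any commenter) of the ssh-agent wire protocol an integration would speak: framing a sign request so the agent signs metadata without Notary ever reading a key file under ~/.docker/trust, and parsing the identities reply, which is exactly the public-key list that anyone able to reach the agent socket can enumerate. The constants follow draft-miller-ssh-agent; the key blob, data and comment values in the comments are constructed.

```python
import os, socket, struct

SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENT_IDENTITIES_ANSWER = 11, 12  # draft-miller-ssh-agent message numbers
SSH_AGENTC_SIGN_REQUEST, SSH_AGENT_SIGN_RESPONSE = 13, 14
SSH_AGENT_RSA_SHA2_256 = 2  # sign flag: ask for rsa-sha2-256 rather than legacy SHA-1 "ssh-rsa"

def ssh_string(b):
    return struct.pack(">I", len(b)) + b  # SSH wire "string": uint32 big-endian length + bytes

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_sign_request(key_blob, data, flags=SSH_AGENT_RSA_SHA2_256):
    """Frame SSH_AGENTC_SIGN_REQUEST: sign `data` with the agent key whose public blob is `key_blob`."""
    body = bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob) + ssh_string(data) + struct.pack(">I", flags)
    return ssh_string(body)  # every agent message is itself length-prefixed

def parse_identities(msg):
    """Unframed SSH_AGENT_IDENTITIES_ANSWER -> [(public_key_blob, comment)]; any socket client can ask for this."""
    if not msg or msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("unexpected agent reply type %r" % msg[:1])
    count, off, keys = struct.unpack_from(">I", msg, 1)[0], 5, []
    for _ in range(count):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode()))
    return keys

def parse_sign_response(msg):
    """Unframed SSH_AGENT_SIGN_RESPONSE -> (algorithm name, raw signature); SSH_AGENT_FAILURE (type 5) raises."""
    if not msg or msg[0] != SSH_AGENT_SIGN_RESPONSE:
        raise RuntimeError("agent refused to sign: reply type %r" % msg[:1])
    sig_blob, _ = read_string(msg, 1)
    algo, off = read_string(sig_blob, 0)
    sig, _ = read_string(sig_blob, off)
    return algo.decode(), sig

def agent_call(framed_request, sock_path=None):
    """Send one framed request to the agent at $SSH_AUTH_SOCK and return the unframed reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path or os.environ["SSH_AUTH_SOCK"])
        s.sendall(framed_request)
        buf = b""
        while len(buf) < 4 or len(buf) < 4 + struct.unpack(">I", buf[:4])[0]:
            chunk = s.recv(65536)
            if not chunk:
                raise RuntimeError("agent closed connection")
            buf += chunk
        return read_string(buf, 0)[0]  # e.g. parse_sign_response(agent_call(build_sign_request(blob, data)))
```

With a running agent, `parse_identities(agent_call(ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))))` lists the keys the agent will sign with; note that the agent returns signatures in SSH signature-blob format, which a Notary backend would still have to convert to the raw signature encoding TUF metadata expects.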