[Gllug] Gnome-keyring console application
Philip Hands
phil at hands.com
Wed Jan 19 23:15:14 UTC 2011
On Wed, 19 Jan 2011 15:35:30 +0000, Henrik Bilar <henrik at bilar.co.uk> wrote:
>
> Does anyone know of a way to manipulate gnome-keyring keys from the
> console, i.e. without having to run gnome-keyring or similar X apps?
>
> I want to store svn keys in an encrypted keyring somehow, but as it's
> used in an automated build script, i can't rely on X apps. Also,
> developers who do not run X will log in to the machine using SSH to
> initiate builds etc.
I'd suggest that you're looking for the wrong solution to your problem.
Would it not be better to have single purpose keys, that are restricted
to doing the things that are required by the build script (see the
command= option in authorized_keys), and lock those keys down to doing
just that, so that if the keys are stolen, they don't give the attacker
very much anyway, and are easy to cancel without locking the real users
out.
This may also have relevant suggestions:
http://wiki.hands.com/howto/passphraseless-ssh/
Cheers, Phil.
--
|)| Philip Hands [+44 (0)20 8530 9560] http://www.hands.com/
|-| HANDS.COM Ltd. http://www.uk.debian.org/
|(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20110119/289b24da/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list