Marco Ricci
Add how-to for setting up an SSH key for `derivepassphrase vault`
Marco Ricci committed 423a21a at 2024-11-23 18:50:10
# Some ideas for future work
## Subcommands
(In no particular order.)
### Derivation schemes
* `spectre` (`master-password`): derive passphrases according to the "Master Password" scheme as used by the Spectre app. ([#2])
### Other functionality
* `explore-permitted-special-characters`: generate new configurations starting from a base configuration until one of them passes the "special characters" constraints.
* `rotate`: generate a new configuration suitable for passphrase rotation, compatible with the base configuration's constraints.
* `service-plugins`: manage plugins that automate certain tasks, as outlined in the notes of the queried service.
* `load-ssh-key`: if the service uses an SSH key, autoload the key from a well-known location into the SSH agent if it isn't already loaded.
    `vault`-specific.
* `decrypt-notes`: decrypt OpenPGP-encrypted notes with GnuPG or Sequoia `sq`.
    Open questions:
    - Use an automatic, symmetric encryption key, or rely on the standard OpenPGP key store? (Do *not* use the derived service passphrase for this: the quality may be arbitrarily bad due to the passphrase constraints, and the service itself could compromise that passphrase.)
* `generate-otp`: if the service uses two-factor authentication and the configuration contains one-time password settings, call `oathtool` to obtain one or more OTPs.
    May require the `decrypt-notes` plugin first.
* `manage-runit-services`: if the service contains `runit` service configuration, ensure the specified `runit` services are running concurrently, and stopped after signalling.
    Typical use case is a service only accessible via VPN or SSH proxy, where the VPN/proxy would run as a `runit` service.
    Open questions:
    - Interface with `inotifywait` to wait for SSH control socket?
[#2]: https://github.com/the-13th-letter/derivepassphrase/issues/2
## Documentation
(Categorized as per [the diataxis framework][DIATAXIS], but otherwise in no particular order.)
[DIATAXIS]: https://diataxis.fr
### Tutorials
* [Setting up `derivepassphrase vault` from scratch for three existing accounts, with a master passphrase](tutorials/basic-setup-passphrase.md)
 
 