-rw-r--r-- | README | 48 | ||||
-rwxr-xr-x | keyringer | 43 | ||||
-rw-r--r-- | lib/keyringer/functions | 28 | ||||
-rwxr-xr-x | share/keyringer/newkeys | 1 |
4 files changed, 94 insertions, 26 deletions
@@ -21,7 +21,7 @@ Installation Just clone - git clone git://git.sarava.org/keyringer.git + git clone git://git.sarava.org/keyringer.git And then leave it somewhere, optionally adding it to your $PATH environment variable. You can also package it to your preferred distro. @@ -33,7 +33,7 @@ The first step will would like to take is to setup a keyring. Keyringer suport management of multiple isolated keyrings. To start a new keyring (or register an existing one at your config file), type - keyringer <keyring> init <path> [remote] + keyringer <keyring> init <path> [remote] This will @@ -42,7 +42,7 @@ This will For example, - keyringer friends init $HOME/keyrings/friends + keyringer friends init $HOME/keyrings/friends will create an alias "friends" pointing to $HOME/keyrings/friends. Call all other keyring actions using this alias. 
@@ -50,44 +50,44 @@ other keyring actions using this alias. If there is an existing remote keyring repository and you just want to checkout it, use - keyringer friends init $HOME/keyrings/friends <repository-url> + keyringer friends init $HOME/keyrings/friends <repository-url> Managing recipients ------------------- Your next step is tell keyringer the GPG key ids to encrypt files to: - keyringer <keyring> recipients edit - keyringer <keyring> recipients ls + keyringer <keyring> recipients edit + keyringer <keyring> recipients ls Encrypting a key ---------------- - keyringer <keyring> encrypt <file> + keyringer <keyring> encrypt <file> Decrypting a key (only to stdout) --------------------------------- - keyringer <keyring> decrypt <file> + keyringer <keyring> decrypt <file> Re-encrypting a key ------------------- - keyringer <keyring> recrypt <file> + keyringer <keyring> recrypt <file> Listing keys ------------ - keyringer <keyring> ls [arguments] + keyringer <keyring> ls [arguments] Git wrapper ----------- Keyringer comes with a simple git wrapper to ease common management tasks: - keyringer <keyring> git remote add keyringer <url> - keyringer <keyring> git push keyringer master - keyringer <keyring> git pull + keyringer <keyring> git remote add keyringer <url> + keyringer <keyring> git push keyringer master + keyringer <keyring> git pull Managing puppet node keys ------------------------- 
@@ -95,13 +95,25 @@ Managing puppet node keys Keyringer is able to manage node keys for puppet nodes. First add the puppet main and key folders into your keyring configuration: - keyringer <keyring> options add PUPPET=/path/to/puppet/config - keyringer <keyring> options add PUPPET_KEYS=/path/to/puppet/keys + keyringer <keyring> preferences add PUPPET=/path/to/puppet/config + keyringer <keyring> preferences add PUPPET_KEYS=/path/to/puppet/keys Then you just need to issue the following command every time you have to create keys for new nodes: - keyringer <keyring> newkeys puppet + keyringer <keyring> newkeys puppet + +Configuration files, preferences and options +-------------------------------------------- + + 1. Main config file: $HOME/.keyringer/config: store the location of + each keyring. + + 2. User preferences per keyring: $HOME/.keyringer/<keyring>: managed by + "keyringer <keyring> preferences". + + 3. Custom keyring options: $KEYRING_FOLDER/config/options: managed by + "keyringer <keyring> options". Notes ----- @@ -165,11 +177,11 @@ Notes: Using with GNU Privacy Guard Exporting public keys: - gpg --armor --export <keyid> + gpg --armor --export <keyid> Exporting private keys (take care): - gpg --armor --export-secret-keys + gpg --armor --export-secret-keys TODO ---- 
@@ -95,25 +95,50 @@ function keyringer_dispatch {
 fi
 }
 
+function keyringer_preferences {
+ COMMAND="$3"
+
+ if [ -z "$COMMAND" ]; then
+ echo "Usage: keyringer <keyring> `basename $0` <command> [arguments]"
+ exit 1
+ fi
+
+ # Create options file if old repository
+ if [ ! -e "$PREFERENCES" ]; then
+ echo "Creating preferences file..."
+ touch $PREFERENCES
+ fi
+
+ if [ "$COMMAND" == "ls" ]; then
+ cat $PREFERENCES
+ elif [ "$COMMAND" == "edit" ]; then
+ $EDITOR $PREFERENCES
+ elif [ "$COMMAND" == "add" ]; then
+ shift 3
+ echo $* >> $PREFERENCES
+ else
+ echo "$BASENAME: No such command $COMMAND"
+ exit 1
+ fi
+}
+
 # Config
 NAME="keyringer"
-CONFIG="$HOME/.$NAME"
+CONFIG="$HOME/.$NAME/config"
 BASENAME="`basename $0`"
 KEYRING="$1"
 ACTION="$2"
 ACTIONS="`dirname $0`/share/$NAME"
 
+# Export preferences for other scripts
+export PREFERENCES="`dirname $CONFIG`/$KEYRING"
+
 # Load functions
 LIB="`dirname $0`/lib/$NAME/functions"
 source $LIB
 
-if [ ! -e "$CONFIG" ]; then
- echo "Creating $CONFIG..."
- touch $CONFIG
- chmod 600 $CONFIG
- echo "# Keyringer config file." > $CONFIG
- echo "" >> $CONFIG
-fi
+# Setup main configuration and load preferences
+keyringer_config_load
 
 if [ -z "$ACTION" ]; then
 echo "Usage: $BASENAME <keyring> <action> [arguments]"
@@ -122,6 +147,8 @@ fi
 
 if [ "$ACTION" == "init" ]; then
 keyringer_init $*
+elif [ "$ACTION" == "preferences" ]; then
+ keyringer_preferences $*
 elif keyringer_has_action $ACTION; then
 keyringer_dispatch $*
 else
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 19d677f..af84212 100644
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
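Review bot: The `add` branch of `keyringer_preferences` appends the raw `$*` to `$PREFERENCES`, and that file is later executed with `source` by `keyringer_config_load_preferences` on every run, so anything written there is shell code rather than a setting; the branch should check the line has `NAME=value` shape before writing it, e.g. `[[ "$*" =~ ^[A-Za-z_][A-Za-z0-9_]*= ]] || { echo "$BASENAME: preferences must be NAME=value" >&2; exit 1; }`. The file is also created with a bare `touch $PREFERENCES` while `$CONFIG` gets `chmod 600`; adding `chmod 600 $PREFERENCES` after the touch keeps per-keyring settings from being readable by other users. Separately, the usage line uses `` `basename $0` ``, which expands to the script name rather than the action, so it should read `echo "Usage: keyringer <keyring> preferences <command> [arguments]"`. `$PREFERENCES`, `$EDITOR` and `$*` are unquoted throughout the new function and `$EDITOR` has no fallback, unlike the quoted `-z`/`-e` tests beside them; quoting them and using `${EDITOR:-vi}` would avoid a bare "command not found" when the variable is unset.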
@@ -3,6 +3,34 @@
 # Common functions.
 #
 
+# Setup main configuration and load preferences
+function keyringer_config_load {
+ if [ -f "$HOME/.$NAME" ]; then
+ echo "Converting legacy configuration scheme..."
+ mv $HOME/.$NAME $HOME/.$NAME.tmp
+ mkdir $HOME/.$NAME
+ mv $HOME/.$NAME.tmp $CONFIG
+ fi
+
+ if [ ! -e "$CONFIG" ]; then
+ echo "Creating $CONFIG..."
+ mkdir `dirname $CONFIG`
+ touch $CONFIG
+ chmod 600 $CONFIG
+ echo "# Keyringer config file." > $CONFIG
+ echo "" >> $CONFIG
+ fi
+
+ keyringer_config_load_preferences
+}
+
+function keyringer_config_load_preferences {
+ # Load custom keyring preferences
+ if [ ! -z "$PREFERENCES" ] && [ -e "$PREFERENCES" ]; then
+ source $PREFERENCES
+ fi
+}
+
 # Load a parameter from config
 function keyringer_config {
 if [ -z "$CONFIG" ]; then
diff --git a/share/keyringer/newkeys b/share/keyringer/newkeys
index 16bf218..14fcfd1 100755
--- a/share/keyringer/newkeys
+++ b/share/keyringer/newkeys
@@ -54,6 +54,7 @@ elif [ ! -f "$OPTIONS" ]; then
 fi
 
 source $OPTIONS
+keyringer_config_load_preferences
 
 if [ -z "$PUPPET_KEYS" ]; then
 PUPPET_KEYS="$PUPPET/files/keys" |
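Review bot: `keyringer_config_load_preferences` guards with `-e`, but `PREFERENCES` is built in the main script as `` `dirname $CONFIG`/$KEYRING ``, so when no keyring argument is given it names the `$HOME/.$NAME` directory itself (which `keyringer_config_load` has just created), `-e` succeeds and `source` is handed a directory, printing an error before the usage message is reached; test for a regular file instead: `if [ ! -z "$PREFERENCES" ] && [ -f "$PREFERENCES" ]; then`. Because that file is run as shell code, it is worth also refusing one that is writable by others, in the spirit of the `chmod 600` already applied to `$CONFIG`. In `keyringer_config_load` the config directory is created with a bare `mkdir \`dirname $CONFIG\`` and so inherits the umask even though it will hold the per-keyring preference files; `mkdir -m 700 \`dirname $CONFIG\`` keeps them private, and the `mkdir $HOME/.$NAME` in the legacy-conversion branch would want the same. The two `mv` calls and that `mkdir` run unchecked, so a failure midway leaves the old config renamed to `.tmp` with no message; chaining them with `|| exit 1` would make the partial conversion visible.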
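Review bot: The added `keyringer_config_load_preferences` call runs after `source $OPTIONS`, so any variable defined in both files ends up with the per-user preference value rather than the keyring's option; if that precedence is intended, a one-line comment above the call such as `# User preferences override keyring options` would save the next reader from working it out. The call also assumes `lib/keyringer/functions` has already been sourced earlier in this script, which is outside the hunk and cannot be confirmed here.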