Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Would it be possible to use a yubikey as the secret key? #156

Closed
Ninlives opened this issue Jan 21, 2022 · 8 comments
Closed

Would it be possible to use a yubikey as the secret key? #156

Ninlives opened this issue Jan 21, 2022 · 8 comments

Comments

@Ninlives
Copy link
Contributor

I'm currently using a ssh key for my sops configuration and I'm wondering if it is possible to use a yubikey instead. Does anyone have a example configuration? Will it work? One thing I'm not sure is that whether the yubikey will be usable during boot.
@Mic92
Copy link
Owner

Mic92 commented Jan 23, 2022

You can set up a gnupg home and set it up to import your yubikey there following instructions on the internet.
Than set this in sops: https://github.com/Mic92/sops-nix#use-with-gpg-instead-of-ssh-keys
It is important however that gpg home is owned by root because this is what gnupg expects.
You might want to adjust the touch policy if this should work unintended...
I personally would just encrypt my partition instead, which seems overall less hassle

@Mic92 Mic92 closed this as completed Jan 23, 2022
@NovaViper
Copy link

I'm currently using a ssh key for my sops configuration and I'm wondering if it is possible to use a yubikey instead. Does anyone have a example configuration? Will it work? One thing I'm not sure is that whether the yubikey will be usable during boot.

Hey did you figure out how to do it? I'm actually sitting here wondering the same thing, setting the gnupg home to point to my user isn't exactly working because gpg in sudo mode can't read the keys located within the folder

@Mic92
Copy link
Owner

Mic92 commented Jul 31, 2023

I would try instead to setup a separate gnupg home just for root.

@NovaViper
Copy link

NovaViper commented Jul 31, 2023
edited
Loading

I would try instead to setup a separate gnupg home just for root.

That's the main issue.. I'm unsure how to set it up the same way as I did for the user <_>
This is mainly because Nix doesn't offer any way of configuring the gpg agent like you can with Home Manager

@Mic92
Copy link
Owner

Mic92 commented Aug 1, 2023

Is there not also a nixos module for that?

@NovaViper
Copy link

Is there not also a nixos module for that?

There is but you can't configure it not nearly as much as you can with the Home Manager module. The HomeManager module lets you configure the scdaemon for gpg but the NixOS module does not

@mairs8
Copy link

mairs8 commented May 25, 2024

can this be re-opened. i am trying the same thing and @NovaViper raises some good points.

@Mic92
Copy link
Owner

Mic92 commented May 26, 2024

We already have #377

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Mic92 @NovaViper @Ninlives @mairs8