Comment by throwup238 2 days ago

1Password with their SSH agent [1] for SSH keys, their CLI [2] for local secrets, and their Terraform provider with service tokens for infrastructure keys/secrets. YubiKey for the secrets I’m most paranoid about.

You can essentially encrypt all environment variables, not just SSH keys, by aliasing your terminal commands to the 1Password CLI. I have a “secrets” repo where all dotenv files are checked in with values like “op://vault-name/secret-name/key-name” that get injected by the op CLI.

[1] https://developer.1password.com/docs/ssh/agent/

[2] https://developer.1password.com/docs/cli/get-started/
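An added example, not part of the comment above: a lint that could run as a pre-commit check on a dotenv "secrets" repo like the one described, reporting any value that is a literal instead of an `op://` reference. The function name, the sample file and the policy that every non-empty value must be a reference are assumptions made for illustration.

```python
import re

# Reference shape quoted in the comment: op://vault/item/field, plus an
# optional section segment (assumption: three or four non-empty segments).
OP_REF = re.compile(r"op://[^/]+/[^/]+(/[^/]+){1,2}")
ASSIGN = re.compile(r"(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)")


def lint_dotenv(text):
    """Return (line_no, key, problem) for each value that is not a valid op:// reference.

    The value itself is never returned, so findings are safe to log in CI.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no value
        m = ASSIGN.fullmatch(line)
        if not m:
            findings.append((no, None, "unparseable line"))
            continue
        key, value = m.group(1), m.group(2).strip()
        # Strip one pair of matching surrounding quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        if value == "":
            continue  # empty placeholder, nothing to leak
        if not value.startswith("op://"):
            findings.append((no, key, "literal value, not an op:// reference"))
        elif not OP_REF.fullmatch(value):
            findings.append((no, key, "malformed op:// reference"))
    return findings


# Constructed sample input (not from the comment); the key is a placeholder.
SAMPLE = """\
# constructed sample
DATABASE_URL="op://vault-name/secret-name/key-name"
export API_TOKEN=op://vault-name/api/credentials/token
AWS_SECRET_ACCESS_KEY=EXAMPLE-NOT-A-REAL-KEY
BROKEN=op://vault-name/only-item
DEBUG=
"""

if __name__ == "__main__":
    for no, key, problem in lint_dotenv(SAMPLE):
        print(f"line {no}: {key}: {problem}")
```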