well, that's where secstore comes in for some of us. one of my lib/profile
contains
this ancient section
auth/factotum
fn secstore{
{auth/secstore -G factotum -s $1 | read -m >/mnt/factotum/ctl} &&
fn secstore {}
}
for(a in $SECSTORE1 $SECSTORE2){
secstore $a
}
where SECSTOREn hold the domain names of each secstore server I control,
with the secrets replicated. the effect is to work through each one until
one succeeds.
if I only had one, it would be just
auth/secstore -G factotum -s THESERVERNAME | read -m >/mnt/factotum/ctl
it fetches the keys from a file "factotum" on a secstore server, securely
subject to cinap, and read -m puts
them one at a time into factotum. auth/secstore will prompt for the
secstore password.
On Fri, 20 Dec 2024 at 19:46, Clay Ayers - thedaemon via 9fans <
9fans@9fans.net> wrote:
> I still haven't managed to understand how to get my keys into factotum
> without having to manually push them each time. I have a script that runs
> the echo 'key proto', etc to /mnt/factotum/ctl for all of my passwords, but
> it's in an unencrypted text file. The instructions don't make sense to me
> on how to get this to work. I added this reply here because I think it's
> relevant..?
> *9fans <https://9fans.topicbox.com/latest>* / 9fans / see discussions
> <https://9fans.topicbox.com/groups/9fans> + participants
> <https://9fans.topicbox.com/groups/9fans/members> + delivery options
> <https://9fans.topicbox.com/groups/9fans/subscription> Permalink
> <https://9fans.topicbox.com/groups/9fans/T2e892f330bc0513b-M65b7a28a8d630fb4fa20368c>
>
------------------------------------------
9fans: 9fans
Permalink:
https://9fans.topicbox.com/groups/9fans/T2e892f330bc0513b-M8bc73f2fe56b3b32b19f0a9c
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
