paepcke.de/gitkeys log-store : paepcke.de/keys
Git SSH key logging: stupid simple, fast, local
- perfect companion for age-encryption (always have up-to-date trusted keys)
- easy to use & review (hash/checksum-protected) clear text database files
- verify all [ssh-key] signed commits, tags, files - yourself, locally, offline
- all files are add/append only: we never remove any entries from keys, keys.urls or keys.log
- all key sets in the keyfile (and the keyfile itself) are protected by (chained) sha512 hash checksums (wip: signatures)
- 100 % pure go, 100 % pure stdlib only, no external dependencies
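How a chained SHA-512 checksum protects an append-only key file, as an added sketch that is not gitkeys' own code: the `Entry` layout and the `Append`/`Verify` helpers are assumptions for illustration, not the project's file format, and the key lines are constructed.

```go
package main

import (
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// Entry is one append-only record (hypothetical layout, not the gitkeys file format).
type Entry struct {
	Line string // key line, e.g. "owner ssh-ed25519 ..."
	Sum  string // hex(SHA-512(previous Sum + "\n" + Line))
}

// chain returns the checksum that binds line to everything before it.
func chain(prev, line string) string {
	h := sha512.Sum512([]byte(prev + "\n" + line))
	return hex.EncodeToString(h[:])
}

// Append adds a line; existing entries are never modified or removed.
func Append(entries []Entry, line string) []Entry {
	prev := ""
	if n := len(entries); n > 0 {
		prev = entries[n-1].Sum
	}
	return append(entries, Entry{Line: line, Sum: chain(prev, line)})
}

// Verify returns the index of the first entry whose checksum fails, or -1 if intact.
func Verify(entries []Entry) int {
	prev := ""
	for i, e := range entries {
		if chain(prev, e.Line) != e.Sum {
			return i
		}
		prev = e.Sum
	}
	return -1
}

func main() {
	var entries []Entry
	// Constructed sample lines; the key material is placeholder text.
	for _, l := range []string{"alice ssh-ed25519 CONSTRUCTED-1", "bob ssh-ed25519 CONSTRUCTED-2"} {
		entries = Append(entries, l)
	}
	entries[0].Line = "alice ssh-ed25519 SWAPPED" // simulate an in-place edit
	fmt.Println("first bad entry:", Verify(entries))
}
```

A chain by itself does not reveal removal of trailing entries; detecting that requires the latest checksum to be recorded somewhere outside the file.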
go install paepcke.de/gitkeys/cmd/gitkeys@latest
github.com/paepckehh/gitkeys/releases
GITSTORE="/usr/store/git" gitkeys fetch
[gitkeys] SSH Key Transparency Log : Mode Check [CheckInteg] [AddLocal] [CleanRewrite]
[gitkeys] key file stats : /usr/store/git/.keys => owner total : 1117
[gitkeys] url file stats : /usr/store/git/.keys.urls => urls total : 1926
[gitkeys] scan local store for urls : /usr/store/git
[gitkeys] writing clean key file : /usr/store/git/.keys
[gitkeys] writing clean url file : /usr/store/git/.keys.urls
echo "https://github.com/klauspost" >> /usr/store/git/.keys.urls
GITSTORE="/usr/store/git" gitkeys fetch
[...]
GITSTORE="/usr/store/git" gitkeys fetch
[...]
GITSTORE="/usr/store/git" gitkeys
[...]
HTTPS_PROXY="proxy.bigCorp.local" SSL_CERT_FILE="/etc/ssl/bigCorpProxy.pem" GITSTORE="/usr/store/git" gitkeys fetch
[...]
Yes, Please! PRs Welcome!