Manage SSH keys

app:all

#1

The ‘other’ kind of authentication I find myself having to manage is ssh keys. In a perfect world, there would be some mechanism that I could trust to generate a long key, store the key pair on the origin machine only (and back them up to a secure vault) and distribute the public key to the servers I nominate.

Having some central control over this would certainly help preserve (what remains of) my sanity:

  1. just by managing the files themselves, and their secure delivery to servers. Making this easier reduces the urge to slip into the bad habit of reusing key pairs. Automating the ‘best practices’ means they’re much more likely to be followed.

  2. being able to invalidate keys at a stroke would do much to mitigate the lack of passphrases on keys (e.g. the situation where a laptop is stolen - open the Bitwarden app on your smartphone and mark that key pair as revoked).

  3. the ability to externally impose an ‘expiration’ period on keys. Bonus points for automatic rotation of keys on a schedule, so it ‘just happens’ without manual intervention.

This is a pain-point for me, and I expect every developer/dev ops/infosec person out there.

  • Paul

#2

I would love to add SSH keys and X.509 certificates to my vault. I can add them as attachments now, but a built-in solution would be pretty sweet.