Conjur Pubkeys Asset

API and CLI for storing public keys for terminal login.

The pubkeys service stores public keys in Conjur. It provides methods to fetch keys or key names, and to add and remove keys.

Key Format

Public keys are added and fetched in the OpenSSH format:

<algorithm> <key> <name>

Example:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNLVA3D1VpH/yVST0v\
4Mj+eAGM5dMNTpv5i/PyvUEGc3r2I8DZNq/icyCoZJlAeR10b13OGHTn2\
ubu3OeJz5vAJSbZr6QT6V1wKoX8b2g0DR8RcShUWJ8cPeY6wI9eh9F778\
aY0gkF2YpU62YWRri4K2kQwROQznhfNsgUAj4F2hs8C1T8MElaz2Ux8eg\
o7Lc2V6sHxsLpz8a08rEjGXm5vRgaVlKY1vzBUDtkQrYvm+cPfW/dVwiB\
Ujl73T0vrbcgy7u7AlMqenMjQzoJXzY5kRnPUQOhHpZZ/9gw8YG2PutVy\
AufTXIGibGoGdBLzYltJEfQAEEPTovwZdBWNFT5 [email protected]

When storing public keys, the name field from the public key data is used to uniquely identify the key among a user's keys.
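
As an added example (not part of the conjur-asset-pubkeys gem), the Ruby code below checks a key line before it is handed to pubkeys:add: it requires the name field, verifies that the algorithm embedded in the base64 key blob matches the declared algorithm, and reports names that occur more than once in a set of keys. The helper names and the sample keys are constructed for illustration.

```ruby
require 'base64'

# Hypothetical helpers for illustration; not part of conjur-asset-pubkeys.
ParsedKey = Struct.new(:algorithm, :blob, :name)

# Parse one "<algorithm> <key> <name>" line and validate its fields.
def parse_pubkey_line(line)
  algorithm, b64, name = line.strip.split(/\s+/, 3)
  raise ArgumentError, 'expected "<algorithm> <key> <name>"' if b64.nil?
  # The name identifies the key among the user's keys, so it must be present.
  raise ArgumentError, 'missing key name' if name.nil? || name.empty?

  blob = Base64.strict_decode64(b64) # raises ArgumentError on invalid base64
  raise ArgumentError, 'key blob too short' if blob.bytesize < 4

  # An OpenSSH key blob starts with a 4-byte big-endian length followed by
  # the algorithm name; it must agree with the first field of the line.
  embedded = blob.byteslice(4, blob.unpack1('N'))
  unless embedded == algorithm
    raise ArgumentError, "declared #{algorithm}, blob says #{embedded.inspect}"
  end

  ParsedKey.new(algorithm, blob, name)
end

# Names that occur more than once in a set of key lines.
def duplicate_names(lines)
  names = lines.map { |l| parse_pubkey_line(l).name }
  names.group_by(&:itself).select { |_, v| v.size > 1 }.keys
end

# Build a constructed (not real) key line; `declared` can be set to a
# different algorithm to simulate a mismatched line.
def sample_line(algorithm, name, declared = algorithm)
  blob = [algorithm.bytesize].pack('N') + algorithm +
         [32].pack('N') + ("\x01" * 32)
  "#{declared} #{Base64.strict_encode64(blob)} #{name}"
end

if __FILE__ == $PROGRAM_NAME
  key = parse_pubkey_line(sample_line('ssh-ed25519', 'alice@laptop'))
  puts "ok: #{key.algorithm} #{key.name}"
  begin
    parse_pubkey_line(sample_line('ssh-ed25519', 'alice@laptop', 'ssh-rsa'))
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```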

CLI Usage

The pubkeys:add command can be used to upload public keys. It accepts the key data in the following forms:

  • conjur pubkeys:add username "key data string" - Use the contents of the second argument as the key.
  • conjur pubkeys:add username @key_file_name.pub - Use the contents of the given file.
  • conjur pubkeys:add username - Read the key from the standard input.

To delete a public key, use the pubkeys:delete command:

conjur pubkeys:delete username key-name

To dump all of a user's public keys, one per line, use pubkeys:show:

conjur pubkeys:show username

To show only the names of public keys for a user, use pubkeys:names:

conjur pubkeys:names username

Note that the output of pubkeys:show can also be retrieved with curl, which is often preferable, since you don't need to be logged in to Conjur to show a user's public keys (they're public, after all!).

curl https://pubkeys.example.com/public_keys/username

Permissions

To add or remove keys, you must have permission to update the resource representing the pubkeys service.

Installation

Add this line to your application's Gemfile:

gem 'conjur-asset-pubkeys'

And then execute:

$ bundle

Or install it yourself as:

$ gem install conjur-asset-pubkeys

Usage

TODO: Write usage instructions here

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request