Our great sponsors
-
passage
A fork of password-store (https://www.passwordstore.org) that uses age (https://age-encryption.org) as backend.
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Your network is MitM’d by some incompetently operated security product. https://github.com/FiloSottile/age/issues/370
We designed the plugin protocol (https://hackmd.io/@str4d/age-plugin-spec) and generally the age recipient/identity structure specifically to enable the use of hardware or remote keys!
For example, https://github.com/str4d/age-plugin-yubikey makes it very easy to use PIV tokens, including YubiKeys, with age. (Well, for now with rage, since plugin support is coming in age v1.1.0.)
I argue against password-protecting keys by default because, unlike using hardware tokens, it doesn't protect against many threat models.