Our great sponsors
-
Nonsense.
You have been able to clone over https since day 1 of Github and still can:
git clone https://github.com/user/repository -
Yubikey is probably the sanest cross-platform solution. Assuming you're using an updated beyond Microsoft's default version, which you'll need to get from https://github.com/PowerShell/Win32-OpenSSH/releases to have support for USB keys, of course. Hopefully MS will update their included version at some point soon.
From there, it's as simple as telling the .ssh/config file to use the key from your Yubikey and you can use the same config file on any machine you have OpenSSH.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
git-credential-manager
Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
https://github.com/GitCredentialManager/git-credential-manag... (comes bundled with Git for Windows; you can install it for macOS). SSH is also an option on both platforms, though historically a bit harder on Windows than elsewhere.
(Disclosure, two of the core maintainers of GCM are GitHub employees, though GCM's goal is to work well with any Git host.)
-
https://github.com/GitCredentialManager/git-credential-manag... (comes bundled with Git for Windows; you can install it for macOS). SSH is also an option on both platforms, though historically a bit harder on Windows than elsewhere.
(Disclosure, two of the core maintainers of GCM are GitHub employees, though GCM's goal is to work well with any Git host.)
-
To add, the best way to make it not hard for someone is to get them to use https://desktop.github.com, and hopefully they'll eventually expand their curiosity to the cli.
-
-
sshCommand = C:/utils/OpenSSH-Win64/ssh.exe
For GPG, the only things I've done is to use gpg-agent and set up a passthrough for gpg-agent to WSL2 for both OpenSSH and GPG via https://github.com/BlackReloaded/wsl2-ssh-pageant/ since I do development both natively on Windows and via WSL2.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
windows-fido-bridge
An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.
> Because AFAIK, (Fido) yubikey support is still missing.
Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.
Alternatively, use these build instruction for openssh with FIDO for windows:
https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...
> Using either the PKCS#11 support or the gpg applet requires some extra piece of software
For those wanting to do that, here are some ways:
Using a premade dll:
https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...
Or with a middleware:
https://github.com/mgbowen/windows-fido-bridge
Using the Hello API:
https://github.com/tavrez/openssh-sk-winhello
Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.
-
openssh-sk-winhello
A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
> Because AFAIK, (Fido) yubikey support is still missing.
Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.
Alternatively, use these build instruction for openssh with FIDO for windows:
https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...
> Using either the PKCS#11 support or the gpg applet requires some extra piece of software
For those wanting to do that, here are some ways:
Using a premade dll:
https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...
Or with a middleware:
https://github.com/mgbowen/windows-fido-bridge
Using the Hello API:
https://github.com/tavrez/openssh-sk-winhello
Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.
-
One way I see `.env` files used is with NodeJS webservers which will read in the .env file.
But more generally, in shell usage: On Unix machines: direnv https://direnv.net/ (It doesn't support powershell; but I see there are scripts for powershell inspired by this). -- Just be very certain these won't get committed into the repo if you're going to put secrets in them.
I think it's preferable to have different secrets for different machines. (e.g. different SSH keys, or different AWS IAM users - which can each assume a shared role if that's easier to manage).
If you want to sync secrets, one easy way is to use a password database, and then use Dropbox whatever equivalent solution. Another way would be to use e.g. PGP keys. (The public key of a PGP key can be shared between machines, and can be used to encrypt contents for that machine).
