
The parent has a great point about credentials and ssh-agent in general. Netrc isn't a great pattern.

But for git you have the right answer.

I completely forgot this aspect because on OS X you can delegate git auth to Keychain with a helper.

https://help.github.com/articles/caching-your-github-passwor...



Apparently since the last time I checked, git actually includes a helper script that allows you to use `gpg-agent` to decrypt your creds in an analogous way to how `ssh-agent` works. It requires a bit of setup since for some reason it's disabled by default, and it's a bit more moving parts (GPG key plus username/password instead of a single keypair) but it's a lot better than it used to be.

I hope this pattern catches on for services other than git.
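The helper pattern described in the comment above, as an added sketch that is not part of the thread and is not the helper script git ships: a read-only credential helper that decrypts a netrc file through `gpg` (and so `gpg-agent`) and answers git's `get` request. The `~/.netrc.gpg` path, the function names and the sample entry are assumptions.

```python
"""Read-only git credential helper over a GPG-encrypted netrc (added sketch)."""
import os
import subprocess
import sys

# Assumption: credentials live in this file, encrypted to your own GPG key.
NETRC_GPG = os.path.expanduser("~/.netrc.gpg")
# Constructed sample of the decrypted file contents, for offline testing.
SAMPLE_NETRC = "machine github.com login alice password example-token\n"

def parse_request(text):
    """Parse the key=value lines git writes to a helper's stdin."""
    req = {}
    for line in text.splitlines():
        if not line:  # a blank line ends the request
            break
        key, sep, value = line.partition("=")
        if sep:
            req[key] = value
    return req

def lookup(netrc_text, host, user=None):
    """Return (login, password) for host from decrypted netrc text, else None."""
    entries, tokens = [], iter(netrc_text.split())
    for tok in tokens:
        if tok in ("machine", "default"):  # both start a new entry
            entries.append({"machine": next(tokens, "") if tok == "machine" else None})
        elif tok in ("login", "password") and entries:
            entries[-1][tok] = next(tokens, "")
    for e in entries:
        if e["machine"] == host and {"login", "password"} <= e.keys() and user in (None, e["login"]):
            return e["login"], e["password"]
    return None

def respond(request_text, netrc_text):
    """Build the helper's reply; empty output means 'no credential here'."""
    req = parse_request(request_text)
    if req.get("protocol") != "https":  # never hand a password to plain http
        return ""
    found = lookup(netrc_text, req.get("host", ""), req.get("username"))
    return "username={}\npassword={}\n".format(*found) if found else ""

if __name__ == "__main__":
    # git runs helpers with get, store or erase; only get is answered here.
    if sys.argv[1:2] == ["get"]:
        request = sys.stdin.read()
        plain = subprocess.run(["gpg", "--quiet", "--decrypt", NETRC_GPG],
                               check=True, capture_output=True, text=True).stdout
        sys.stdout.write(respond(request, plain))
```

To try it, set git's `credential.helper` config value to the absolute path of the saved, executable script; the passphrase prompt and caching are then handled by `gpg-agent`, not by the helper.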


A better solution is to simply use `gpg-agent` as your `ssh-agent`, as it supports that protocol and it supports RSA authentication keys.

Then your public keys provide not only identity, but services can verify that identity through their web of trust.



