0xbadcafebee, 9 hours ago:

1) Get 1Password, 2) use 1Password to hold all your SSH keys and authorize SSH access [1], 3) use 1Password to sign your Git commits and set up your remote VCS to validate them [2], 4) use GitHub OAuth [3] or the GitHub CLI's Login with HTTPS [4] to do repository push/pull. If you don't like 1Password, use Bitwarden.

With this setup there are two different SSH keys: one for access to GitHub, the other a commit signing key. But you don't use either to push/pull to GitHub; you use OAuth (over HTTPS). This combination provides the most security (without hardware tokens), and 1Password and the OAuth apps make it seamless.

Do not use a user with admin credentials for day-to-day tasks; make that a separate user in 1Password. This way, if your regular account gets compromised, the attacker will not have admin credentials.

[1] https://developer.1password.com/docs/ssh/agent/
[2] https://developer.1password.com/docs/ssh/git-commit-signing/
[3] https://github.com/hickford/git-credential-oauth
[4] https://cli.github.com/manual/gh_auth_login
DANmode, 2 minutes ago:

Bitwarden verbiage deserves to be higher than 1Password here.
throw14082020, an hour ago:

Okay, great advice, thanks. I'm already using Bitwarden and found out they have an SSH Agent feature too [1]. I've tried LastPass, Bitwarden, and 1Password, and I prefer Bitwarden (good UX, very affordable).
madeofpalk, 28 minutes ago:

Make sure the gh CLI isn't storing OAuth credentials in plaintext, as it can silently do.
zozos, 8 hours ago:

I already use 1Password and have it installed. Will try this out. Thanks!