| ▲ | wrxd 3 hours ago | |||||||
An alternative is to use ssh keys stored in the Secure Enclave with tools like https://secretive.dev/ | ||||||||
| ▲ | pianopatrick 2 hours ago | parent [-] | |||||||
Seems to me a tool like that would stop the agent from sending those specific keys elsewhere. But a tool like that would not stop the agent who is acting as you from using the SSH keys via the CLI. You would want to combine that with other tactics like having the agent run as some other user. | ||||||||
| ||||||||