
6 points max_ | 1 comments

It seems there is no standard proper way to store private keys.

I have been using AGE [0]

And I really don't like the idea of having the keys stored in the home directory in plain text.

There is also a risk of losing the keys if my laptop is damaged or gets stolen.

Is there a proper tool for storing encryption keys?

1. throwup238 No.44008579
1Password with their SSH agent [1] for SSH keys, their CLI [2] for local secrets, and their Terraform provider with service tokens for infrastructure keys/secrets. YubiKey for the secrets I’m most paranoid about.

You can essentially encrypt all environment variables, not just SSH keys, by aliasing your terminal commands to the 1Password CLI. I have a “secrets” repo where all dotenv files are checked in with values like “op://vault-name/secret-name/key-name” that get injected by the op CLI.

[1] https://developer.1password.com/docs/ssh/agent/

[2] https://developer.1password.com/docs/cli/get-started/
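
A checked-in dotenv file of the kind described in the comment above is only safe while every value stays a reference. The following is an added example, not code from the thread or from 1Password: a small pre-commit style linter that flags literal values and malformed `op://` references. The function name `lint_dotenv`, the `allow_literal` allowlist, the accepted optional fourth path segment and the sample file are assumptions made for illustration.

```python
import re
import sys

# Reference shape quoted in the comment: op://vault-name/secret-name/key-name.
# Assumption: one optional extra segment (a section before the field) is accepted.
OP_REF = re.compile(r"^op://[^/]+/[^/]+/[^/]+(?:/[^/]+)?$")
ASSIGN = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def lint_dotenv(text, allow_literal=frozenset()):
    """Return (line_number, key, reason) for every value that must not be committed."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no value
        m = ASSIGN.match(line)
        if not m:
            findings.append((n, None, "unparseable line"))
            continue
        key, value = m.group(1), m.group(2).strip()
        # Strip one pair of matching quotes around the value.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        if value.startswith("op://"):
            if not OP_REF.match(value):
                findings.append((n, key, "malformed reference"))
        elif key not in allow_literal:
            # Hypothetical policy: only allowlisted non-secret keys may be literal.
            findings.append((n, key, "literal value"))
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# constructed sample dotenv file
DATABASE_URL=op://vault-name/secret-name/key-name
export API_TOKEN="op://vault-name/api/token"
AWS_SECRET_ACCESS_KEY=constructed-plaintext-value
SMTP_PASSWORD=op://vault-name/smtp
LOG_LEVEL=info
"""

if __name__ == "__main__":
    # With file arguments, lint those files; otherwise lint the constructed sample.
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:]] or [SAMPLE]
    problems = [f for t in texts for f in lint_dotenv(t, {"LOG_LEVEL"})]
    for n, key, reason in problems:
        print(f"line {n}: {key}: {reason}")
    sys.exit(1 if problems else 0)
```

Run as a pre-commit hook with the dotenv paths as arguments, a non-zero exit blocks the commit.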