You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the time of writing, keychain has seen no activity in over four years. It might be helpful to suggest alternatives given there is no desire to maintain the project.
I've found that gpg-agent and systemd have not only proven to be a suitable replacement, but also have improved quality of life by reducing shell startup times by 64ms~ (130ms~ at the extreme). There is an excellent article on the Arch Linux wiki which explains how to setup and configure gpg-agent. Most importantly, gpg-agent can emulate ssh-agent.
keychain performance
One of the main reasons for seeking alternatives is the poor performance and consequential large impact keychain imposed on shell startup times.
# -Q for quick (seems slower?)
❯ hyperfine 'keychain -q -Q --noask --agents gpg,ssh 86930F1CE9E00625 id_ed25519'
Benchmark 1: keychain -q -Q --noask --agents gpg,ssh 86930F1CE9E00625 id_ed25519
Time (mean ± σ): 64.0 ms ± 13.8 ms [User: 60.3 ms, System: 14.2 ms]
Range (min … max): 56.3 ms … 126.2 ms 23 runs
Warning: The first benchmarking run for this command was significantly slower than the rest (126.2 ms). This could be caused by (filesystem) caches that were not filled until after the first run. You should consider using the '--warmup' option to fill those caches before the actual benchmark. Alternatively, use the '--prepare' option to clear the caches before each timing run.
❯ hyperfine 'keychain -q --noask --agents gpg,ssh 86930F1CE9E00625 id_ed25519'
Benchmark 1: keychain -q --noask --agents gpg,ssh 86930F1CE9E00625 id_ed25519
Time (mean ± σ): 55.6 ms ± 2.5 ms [User: 49.3 ms, System: 15.9 ms]
Range (min … max): 50.4 ms … 62.0 ms 45 runs
gpg-agent systemd user unit
Rather than reading the Arch Linux wiki, this should work as a quick-start and tl;dr.
The gpg-agent systemd user units are enabled by default (at least on Arch Linux).
❯ systemctl --user status gpg-agent
● gpg-agent.service - GnuPG cryptographic agent and passphrase cache
Loaded: loaded (/usr/lib/systemd/user/gpg-agent.service; static)
Active: active (running) since Tue 2022-02-01 11:54:18 GMT; 11min ago
TriggeredBy: ● gpg-agent.socket
● gpg-agent-ssh.socket
● gpg-agent-extra.socket
● gpg-agent-browser.socket
Docs: man:gpg-agent(1)
Main PID: 1708 (gpg-agent)
Tasks: 1 (limit: 19177)
Memory: 428.0K
CPU: 66ms
CGroup: /user.slice/user-1000.slice/[email protected]/app.slice/gpg-agent.service
└─1708 /usr/bin/gpg-agent --supervised
Feb 01 11:54:18 matryoshka systemd[459]: Started GnuPG cryptographic agent and passphrase cache.
Feb 01 11:54:18 matryoshka gpg-agent[1708]: gpg-agent (GnuPG) 2.2.32 starting in supervised mode.
Feb 01 11:54:18 matryoshka gpg-agent[1708]: using fd 3 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Feb 01 11:54:18 matryoshka gpg-agent[1708]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 01 11:54:18 matryoshka gpg-agent[1708]: using fd 5 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
Feb 01 11:54:18 matryoshka gpg-agent[1708]: using fd 6 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
Feb 01 11:54:18 matryoshka gpg-agent[1708]: listening on: std=3 extra=5 browser=6 ssh=4
Restart the gpg-agent systemd user unit to apply changes.
❯ systemctl --user restart gpg-agent
Assuming keys have already been added to gpg-agent, everything should work as expected. This approach doesn't ask for all passphrases upfront, at shell login, but I'm sure it's possible to write something to do this if desired. Personally, I don't want that functionality as it is incompatible with some terminal configurations (i.e zsh4humans).
I hope this is helpful!
The text was updated successfully, but these errors were encountered:
At the time of writing, keychain has seen no activity in over four years. It might be helpful to suggest alternatives given there is no desire to maintain the project.
I've found that gpg-agent and systemd have not only proven to be a suitable replacement, but also have improved quality of life by reducing shell startup times by 64ms~ (130ms~ at the extreme). There is an excellent article on the Arch Linux wiki which explains how to setup and configure gpg-agent. Most importantly, gpg-agent can emulate ssh-agent.
keychain performance
One of the main reasons for seeking alternatives is the poor performance and consequential large impact keychain imposed on shell startup times.
gpg-agent systemd user unit
Rather than reading the Arch Linux wiki, this should work as a quick-start and tl;dr.
The gpg-agent systemd user units are enabled by default (at least on Arch Linux).
Emulate ssh-agent:
/etc/security/pam_env.conf
Cache passphrases for a really long time:
~/.gnupg/gpg-agent.conf
Restart the gpg-agent systemd user unit to apply changes.
Assuming keys have already been added to gpg-agent, everything should work as expected. This approach doesn't ask for all passphrases upfront, at shell login, but I'm sure it's possible to write something to do this if desired. Personally, I don't want that functionality as it is incompatible with some terminal configurations (i.e zsh4humans).
I hope this is helpful!
The text was updated successfully, but these errors were encountered: