Hi everyone,
I manage a significant number of machines for my clients, accessing them over SSH. I use Secretive to securely store private keys in my MacBook's secure enclave. While this has been a great solution, I’m concerned about the challenges of migrating to a new MacBook in the future.
The thought of manually logging into every machine to replace public keys during an upgrade—or worse, after hardware failure—sounds daunting.
I imagine other Secretive users face similar challenges, especially those who already use passkeys stored in iCloud Keychain and are comfortable with the associated security/usability trade-offs for certain scenarios.
Would it be feasible to introduce an iCloud Keychain integration in Secretive? For instance, adding an "iCloud" checkbox in the "Create a New Secret" dialog could allow users to opt in with a clear warning about weaker security properties.
This idea builds on the discussion in issue #542, which I opened earlier this year. Unfortunately, that thread became bogged down in debates about security properties. However, I think there's room for a middle ground: enabling users to prioritize usability for specific use cases, while maintaining the option of maximum security for others.
Currently, there isn’t a project that supports storing SSH keys in iCloud Keychain, and Secretive could uniquely fill this gap. While I’ve explored contributing a pull request myself, I don’t have an Apple Developer account, and I’m unsure how a PR proposing this trade-off would be received.
I’d love to hear thoughts from the community. Does this sound like a feature worth pursuing?
Thanks for your time!