https://github.com/maxgoedjen/secretive

maxgoedjen / secretive

Store SSH keys in the Secure Enclave. MIT License.

Latest commit: Embed detail in scrollview (#241), 3d305d9, Sep 26, 2021.

README.md

Secretive

Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.

[Screenshot of Secretive]

Why?

Safer Storage

The most common setup for SSH keys is just keeping them on disk, guarded by proper permissions. This is fine in most cases, but it's not super hard for malicious users or malware to copy your private key. If you store your keys in the Secure Enclave, it's impossible to export them, by design.

Access Control

If your Mac has a Secure Enclave, it also has support for strong access controls like Touch ID, or authentication with Apple Watch. You can configure your keys so that they require Touch ID (or Watch) authentication before they're accessed.
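The two properties described above (a private key that cannot be exported, and use of the key gated on user authentication) can be observed directly with Apple's Security framework. This is an added example, not Secretive's own code; it assumes a Mac with a Secure Enclave and a code-signed build, and the names EnclaveDemoError, makeEnclaveKey and demonstrate are hypothetical.

```swift
import Foundation
import Security

enum EnclaveDemoError: Error { case failed(String) }  // hypothetical error type for this demo

// Creates a P-256 key pair whose private half is generated and kept inside the Secure Enclave.
func makeEnclaveKey(requireUserPresence: Bool) throws -> SecKey {
    var error: Unmanaged<CFError>?
    // .privateKeyUsage permits signing with the key; .userPresence additionally
    // requires biometry or the device password each time the key is used.
    var flags: SecAccessControlCreateFlags = [.privateKeyUsage]
    if requireUserPresence { flags.insert(.userPresence) }
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, flags, &error)
    else { throw EnclaveDemoError.failed("access control: \(error!.takeRetainedValue())") }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: false,  // demo key only: no keychain item is stored
            kSecAttrAccessControl as String: access,
        ] as [String: Any],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
    else { throw EnclaveDemoError.failed("key creation: \(error!.takeRetainedValue())") }
    return key
}

func demonstrate() throws {
    let privateKey = try makeEnclaveKey(requireUserPresence: true)
    // The SecKey is only a handle to material inside the enclave, so export yields nil.
    let exported = SecKeyCopyExternalRepresentation(privateKey, nil)
    print("private key exportable:", exported != nil)
    // The public half is ordinary data and can be copied out freely.
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          let publicBytes = SecKeyCopyExternalRepresentation(publicKey, nil) as Data?
    else { throw EnclaveDemoError.failed("public key unavailable") }
    print("public key bytes:", publicBytes.count)
    // Signing is performed by the enclave and triggers the authentication prompt.
    var error: Unmanaged<CFError>?
    let message = Data("constructed sample message".utf8) as CFData
    guard let signature = SecKeyCreateSignature(
        privateKey, .ecdsaSignatureMessageX962SHA256, message, &error)
    else { throw EnclaveDemoError.failed("signing: \(error!.takeRetainedValue())") }
    let ok = SecKeyVerifySignature(
        publicKey, .ecdsaSignatureMessageX962SHA256, message, signature, &error)
    print("signature verifies:", ok)
}

try demonstrate()
```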
[Screenshot of Secretive authenticating with Touch ID]

Notifications

Secretive also notifies you whenever your keys are accessed, so you're never caught off guard.

[Screenshot of Secretive notifying the user]

Support for Smart Cards Too!

For Macs without Secure Enclaves, you can configure a Smart Card (such as a YubiKey) and use it for signing as well.

Getting Started

Installation

Direct Download

You can download the latest release over on the Releases Page.

Using Homebrew

    brew install secretive

FAQ

There's a FAQ here.

Auditable Build Process

Builds are produced by GitHub Actions with an auditable build and release generation process. Each build has a "Document SHAs" step, which will output SHA checksums for the build produced by the GitHub Action, so you can verify that the source code for a given build corresponds to any given release.

A Note Around Code Signing and Keychains

While Secretive uses the Secure Enclave for key storage, it still relies on Keychain APIs to access them. Keychain restricts reads of keys to the app (and specifically, the bundle ID) that created them. If you build Secretive from source, make sure you are consistent in which bundle ID you use so that the Keychain is able to locate your keys.

Backups and Transfers to New Machines

Because secrets in the Secure Enclave are not exportable, they cannot be backed up, and you will not be able to transfer them to a new machine. If you get a new Mac, just create a new set of secrets specific to that Mac.

Security

If you discover any vulnerabilities in this project, please notify max.goedjen@gmail.com with the subject containing "SECRETIVE SECURITY."

Topics: ssh, mac, security, secure-enclave

Latest release: 2.1.1 (Aug 8, 2021)

Languages: Swift 96.4%, Rich Text Format 1.8%, Other 1.8%