https://github.com/maxgoedjen/secretive

maxgoedjen / secretive
Store SSH keys in the Secure Enclave
License: MIT license
Secretive

Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.

[Screenshot of Secretive]

Why?

Safer Storage

The most common setup for SSH keys is just keeping them on disk, guarded by proper permissions. This is fine in most cases, but it's not super hard for malicious users or malware to copy your private key. If you store your keys in the Secure Enclave, it's impossible to export them, by design.

Access Control

If your Mac has a Secure Enclave, it also has support for strong access controls like Touch ID, or authentication with Apple Watch. You can configure your keys so that they require Touch ID (or Watch) authentication before they're accessed.

[Screenshot of Secretive authenticating with Touch ID]

Notifications

Secretive also notifies you whenever your keys are accessed, so you're never caught off guard.

[Screenshot of Secretive notifying the user]

Support for Smart Cards Too!

For Macs without Secure Enclaves, you can configure a Smart Card (such as a YubiKey) and use it for signing as well.

Getting Started

Installation

Direct Download

You can download the latest release over on the Releases Page.

Using Homebrew

    brew install secretive

FAQ

There's a FAQ here.

Auditable Build Process

Builds are produced by GitHub Actions with an auditable build and release generation process. Each build has a "Document SHAs" step, which will output SHA checksums for the build produced by the GitHub Action, so you can verify that the source code for a given build corresponds to any given release.

A Note Around Code Signing and Keychains

While Secretive uses the Secure Enclave for key storage, it still relies on Keychain APIs to access them. Keychain restricts reads of keys to the app (and specifically, the bundle ID) that created them. If you build Secretive from source, make sure you are consistent in which bundle ID you use so that the Keychain is able to locate your keys.

Backups and Transfers to New Machines

Because secrets in the Secure Enclave are not exportable, they are not able to be backed up, and you will not be able to transfer them to a new machine. If you get a new Mac, just create a new set of secrets specific to that Mac.

Security

If you discover any vulnerabilities in this project, please notify max.goedjen@gmail.com with the subject containing "SECRETIVE SECURITY."