GitHub - KeetaNetwork/agent

3 min read Original article ↗

Platform: macOS GPG Support SSH Support

Keeta Agent

Keeta Agent App Preview

Keeta Agent is a macOS toolbar app for automated key management of GPG and SSH keys using the Secure Enclave. It uniquely links git commits signed on your physical device to your connected GitHub account, increasing developer security.

It comes bundled with GnuPG distribution and an SSH Agent that bridges to Apple's native support for NIST P-256 elliptic curve (ECC) keys.

Why Keeta Agent?

Secure Key Storage

Most people save GPG or SSH keys on their computer’s hard drive, protected by file permissions. While this is common, it's not completely secure - malicious users or malware could potentially copy these keys.

Keeta Agent stores keys in the Secure Enclave, Apple's Hardware Security Module (HSM), ensuring they are physically bound to your hardware and it becomes nearly impossible to export them.

Access Control

Specifically designed for Apple Silicon Macs, Keeta Agent leverages advanced security features like Touch ID and Apple Watch authentication. It ensures that all requested actions are securely processed, requiring Touch ID authentication before proceeding.

Automated Setup

Setting up GPG to sign git commits is typically a tedious 18-steps process. Keeta Agent simplifies this by automatically configuring the user’s git to use the bundled GnuPG distribution, using the generated keys.

Github Integration

Seamlessly connect Keeta Agent to your GitHub account via Single Sign-On (SSO). All generated keys are automatically uploaded and linked to your account.

No Additional Hardware

Previously, secure key storage required a separate device, such as a YubiKey or smart card, adding complexity to the setup and introducing additional risks.

Keeta Agent eliminates the hassle of managing external devices, each with its own lifecycle and risk of being lost/stolen, by securely handling keys within your Mac.

Getting Started

Installation

1. Direct Download

Download the latest release from the Releases Page

2. Setup

Provide the name and email you'd like to associate with your keys and GitHub commits.

Keeta Agent Connect Github

3. Connect Github

Keeta Agent Connect Github

Link your GitHub account, and you're ready to go! ✅

Backups and Transfers to New Devices

The Secure Enclave does not allow key export or transfer. If you switch to a new Mac, you'll need to generate new secrets specific to that machine.

Control over SSH

As part of the automated management process, the Keeta Agent will use the SSH key generated by the Secure Enclave instead of the default SSH handling within macOS, which may impact existing SSH configurations.

License

Keeta Agent is licensed under the Creative Commons Attribution-NonCommercial 4.0 International Public License.

Credit

Secretive and Sekey inspired our work on Keeta Agent but were rewritten and expanded to support unique use case and GPG key type.