-
-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feedback CLI usage #65
Comments
Hi @Meai, thanks for the feedback, You can change the editor by using the env var Regarding the key to use, you can pass only the index: (but also keep in mind that no matter what key you use the recipient should know/have his keys) To get all your indexes:
To send a message using your key ID 3:
the option If just only need to share a secret fast without even knowing the keys you can use:
That will return something you can share like:
Or depending on your keys (without a passphrase) you could do:
Or check the 1password |
Hi,
it took me quite a while to understand how to do a successful call and I even had to debug the code to figure out why things weren't working for me. Maybe partially because I tried to do it on windows so some errors like "Program not found" made no sense to me (I had to look in the source code and realize that it means it was trying to find an editor and that was VI and then how to change that, then realize that it doesnt work on Windows and 'vscode --wait' doesnt work either and notepad.exe doesnt work either). Also it seems it requires ctrl+z for input ending instead of ctrl+d on linux(?) as in the docs. The way that I have to write "--input -" was also unintuitive to me, is that really a widely known convention? On Linux there also exists a way to do multi lines where I have to write \ after every newline but it was also always very hard for me to get it done correctly so maybe your way is better anyway but I think it shouldnt default to multiline, it should still allow a simple string input if I dont specify the '-'.
Also when I used the --json option the resulting file wasn't able to be read as a vault file, so I wonder what the point of it is then?
Another point is that you simply take the first certificate found on e.g the github page .keys by default, but I think if someone doesn't specify anything then the default should be that the CLI asks me to enter a number or maybe even let me select from the list because you retrieve them all anyway. Otherwise the result will very often be that I'll have to specify the key by index but indices can change all the time, it's very brittle I think. The ssh-ed25519 public keys seem to be so short that maybe it would even make sense to simply let people paste the key instead of reading it from an external location, or maybe let me paste how a key starts.. some kind of way that is better than selecting by index because who knows.. users can always change their keys on github around and then I might select the wrong one. The UX is: How do we collaboratively agree that I'll share a secret with you via your github keys? The other person would have to tell me: Hey, please pick index 7. I think it's just too brittle, maybe you have a better idea to improve this?
But my main point is that in my opinion the default CLI could or should be as simple as this (perhaps with a ssh-vault-config.json that would specify the rest of the options in the same folder):
ssh-vault encrypt "mysecret" // print to stdout
ssh-vault decrypt "pasted ssh text block" // print to stdout
Thanks for a great tool, I think it's really mostly the usability that was the issue for me when I tried it!
The text was updated successfully, but these errors were encountered: