Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate storage of recovery key from crypt_output.plist to the keychain. #115

Open
weswhet opened this issue May 25, 2023 · 0 comments
Open

Migrate storage of recovery key from crypt_output.plist to the keychain. #115

weswhet opened this issue May 25, 2023 · 0 comments
Assignees
@weswhet
Labels
swift-migration Migrate existing python code to swift.

Comments

@weswhet
Copy link
Collaborator

weswhet commented May 25, 2023

I've been spending a lot of time recently interacting with the keychain and I realized the keychain would be a great spot to store the key instead of directly on disk. I believe we can use https://github.com/square/Valet to simplify this process as the keychain API is a sleeping dragon for newcomers. Once we migrate the checkin code to swift this will be extremely easy to keep the ACLs for the key organized.

We can also keep a Managed Preference list of paths that should have access to the key. Unsure if authorized restarts in munki is still used but it would be easy to grant munki access to it.
@weswhet weswhet mentioned this issue May 25, 2023
Open
@weswhet weswhet self-assigned this May 25, 2023
@weswhet weswhet added the swift-migration Migrate existing python code to swift. label May 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@weswhet weswhet

Labels
swift-migration Migrate existing python code to swift.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@weswhet