paper-age

My laptop is gone. My password manager database lives in the cloud - but the cloud storage password is a random 40-character string that only exists inside that password manager. Classic chicken-and-egg. My solution: print the password on paper, encrypted. paper-age is a tool that takes any secret and produces a printable PDF containing a QR code with the data encrypted using age - passphrase-based symmetric encryption. One passphrase to remember, everything else on paper. ...

April 28, 2026 · 1 min · Marcin Cylke

SSH certificates: the better SSH experience

Inspired by this post by JP Mens. Instead of distributing public keys to every server’s authorized_keys, you can use a Certificate Authority (CA) to sign SSH keys. This eliminates ssh-copy-id, manual authorized_keys edits, and TOFU prompts for new hosts.

How it works:

Create a CA key pair on a secure machine

    umask 077; mkdir CA
    ssh-keygen -t ecdsa -C "My SSH CA" -f CA/ssh-ca

Sign user public keys with the CA, specifying allowed principals (login names) ...

April 15, 2026 · 2 min · Marcin Cylke

SolarWinds supply chain attack

...

April 7, 2024 · 3 min · Marcin Cylke