Would it be possible to use an Age key that lives on a Yubikey via age-plugin-yubikey?

[solomon-b]

I know you can do this with GPG but it would be really awesome if I could use Age instead.

[Mic92]

This is blocked on getsops/sops#1103

[nyabinary]

Bummer :<

[Mic92]

Now we got: getsops/sops#1335 that unlocks tpm and yubikey plugins for age.

[solomon-b]

Oh very cool. Will you need to do work on sops-nix or will it just work once its merged into sops?

[Mic92]

It should just work (TM). Maybe we need some environment (PATH?) variable for sops-install-secrets so age plugins are discovered? But this shouldn't take long to implement.

[nyabinary]

It should just work (TM). Maybe we need some environment (PATH?) variable for sops-install-secrets so age plugins are discovered? But this shouldn't take long to implement.

Documentation and a guide would also be appreciated

[Kranzes]

If you know a bit of Go and got a bit of sanity left in you, please help out with getsops/sops#1335. I didn't write any of the code there, it was @Mic92.

[mannp]

I was keen to give this a try with the yubikey-support branch :) but wasn't sure if it was at a beta stage? :)

[Mic92]

@mannp I will probably switch to use https://github.com/olastor/age-plugin-fido2-hmac instead, because than we can use other security keys beyond just yubikeys.

[mannp]

@mannp I will probably switch to use https://github.com/olastor/age-plugin-fido2-hmac instead, because than we can use other security keys beyond just yubikeys.

Having choice over sec keys sounds like a good plan, and thanks for the update :)