This repo describes some basic coufiguration for PowerShell on Windows to improve my development workflow and enhance the security posture of my environment as a small part of a defense in depth strategy.
The core objectives are to protect the ssh private key file (often used without a password) and protect source code at rest. Should laptop(s) go awry or an attacker gain access to the file system and get the ssh-key files then you have the best possibility of avoiding further losses.
This whole process takes approximately 30 minutes.
If you enable all the features, your shiny new shell should now look something like this. Here I'm searching the history by typing the term psre. Note my machine name is masked under the gray and this will be your user@hostname.
- Windows 10 / 11
- PowerShell (6 / 7++ / core)
- Git, Posh-Git and SSH
- Optionally Oh-My-Posh and PSReadLine
- This walk-through expects git and ssh to have been installed already: see Installing Git
- Improved security posture within your development work-flow
- Improved ease of use for git and ssh when using password protected ssh-key files
- New tooling that works with the work-flow to enhance productivity
- Git and ssh work-flows that make use of ssh private key file password security (be sure to set a strong unique password)
- Utilize Windows 10 / 11 ssh-agent components for native integration with PowerShell when using git with ssh (and ssh natively)
- Improve security on shared systems (e.g. virtual desktops) by working with source code in your profile (when used with disk encryption)
- Windows Terminal enhancements with oh-my-posh
- Uses integrated Windows OpenSSH Agent so you can work natively in PowerShell
- Enhanced PowerShell font readability with Unicode support for a graphical prompt to show git context information
- Source code directory consistency and new functions to support this flow: e.g.
cdc <tab-complete to change to the source directory> - PSReadLine command line history with predictive intellisense will revolutionize how you use history and work with the shell
-
Configure Microsoft Terminal for enhanced readability using unicode fonts and usage with Git workflows
-
Add Windows OpenSSH capability to better integrate with PowerShell
-
Create the following directory to contain your source code securely in your profile. Be sure to enable disk encryption (or at least file system directory encryption for this directory) and if roaming profiles are used within your organization understand whether your user profile is right for your security posture.
~\src - path to source code in your user profile
GitHub has an article that walks you through: setting up ssh keys
- Be sure to set a password (passphrase) for your ssh keys!
- You can add new ssh keys here: GitHub -> Profile -> Settings > ssh keys
- Remember to use 'ssh' when cloning repos with git as part of this new workflow.
You are now ready to use git with password protected ssh private keys.
Secure, Sync, Code, Enjoy!
Buy me coffee :)