2025-12-01 14:22:15 +00:00
.forgejo/workflows Update actions/checkout action to v6 2025-12-01 10:02:04 +00:00
src/kanidm_authorized_keys Don't print traceback in constraint assertion 2025-04-17 20:03:38 +02:00
.envrc init 2025-04-17 00:04:57 +02:00
.gitignore Expose as flake default package 2025-04-17 21:40:26 +02:00
.python-version Update python Docker tag to v3.13 2025-06-01 10:01:13 +00:00
flake.lock Lock file maintenance 2025-09-29 00:02:33 +00:00
flake.nix flake.nix: drop flake-utils, use nixfmt-tree 2025-05-01 17:33:28 +02:00
module.nix module: init 2025-05-01 17:33:28 +02:00
package.nix package: use fileset to exclude surrounding files from src 2025-05-01 17:33:28 +02:00
pyproject.toml init 2025-04-17 00:04:57 +02:00
README.md README: fix one more blunder 2025-05-01 00:11:45 +02:00
renovate.json renovate: allow running at any minute 2025-05-03 19:23:54 +02:00
test.nix test: init 2025-05-01 17:33:28 +02:00
uv.lock Lock file maintenance 2025-09-29 00:02:33 +00:00

kanidm-authorized-keys

Given a Kanidm group, this tool writes all of its members' SSH public keys into a shared authorized_keys file that can be used for SSH authentication.

Usage

Usage: kanidm-authorized-keys [OPTIONS] AUTHORIZED_KEYS_FILE

Arguments:
  AUTHORIZED_KEYS_FILE  Destination path for the managed authorized_keys file
                        [env var: AUTHORIZED_KEYS_FILE; required]

Options:
  --origin TEXT          Origin of your Kanidm instance, e.g.
                         https://idm.example.com  [env var: KANIDM_ORIGIN;
                         required]
  --token-file FILENAME  Path to a file that holds the API token for a Kanidm
                         service account  [env var: KANIDM_TOKEN_FILE;
                         required]
  --group TEXT           Group to load SSH public keys for  [env var:
                         KANIDM_GROUP; required]
  --min-users INTEGER    Assertion for minimum users that need to be found
                         [default: 0]
  --install-completion   Install completion for the current shell.
  --show-completion      Show completion for the current shell, to copy it or
                         customize the installation.
  --help                 Show this message and exit.

Environment variables

  • KANIDM_ORIGIN: The base URL that hosts your Kanidm instance, e.g. https://idm.example.com
  • KANIDM_TOKEN_FILE: Path to a file that holds the API token for a service account on the Kanidm instance
  • KANIDM_GROUP: The group that holds the users whose SSH public keys should be installed
  • AUTHORIZED_KEYS_FILE: The destination file path
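
The kind of guard that `--min-users` describes, paired with an atomic replace of the destination file so that a failed or empty lookup never swaps a working authorized_keys for an empty one. This is an added example, not the project's own code: `render`, `write_atomically`, `ALLOWED_TYPES` and the `{user: [keys]}` input shape are hypothetical, and user names are assumed to be single tokens.

```python
import base64
import os
import tempfile

# Assumption: key types accepted by this sketch; extend to match local policy.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                 "sk-ssh-ed25519@openssh.com"}


def render(keys_by_user, min_users=0):
    """Build authorized_keys content from {user: [public key strings]}.

    Raises ValueError when fewer than min_users users contribute a usable key.
    """
    lines, users_found = [], 0
    for user in sorted(keys_by_user):
        usable = []
        for key in keys_by_user[user]:
            fields = key.split()
            # A leading options field (command=..., from=...) fails the type check.
            if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
                continue
            try:
                base64.b64decode(fields[1], validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            # Keep only type and blob; the comment is replaced by the user name,
            # so an embedded newline in the stored value cannot add a line.
            usable.append(f"{fields[0]} {fields[1]} {user}")
        if usable:
            users_found += 1
            lines.extend(usable)
    if users_found < min_users:
        raise ValueError(f"found {users_found} users with keys, need {min_users}")
    return "".join(line + "\n" for line in lines)


def write_atomically(path, content):
    """Replace path with a single rename so sshd never reads a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".authorized_keys.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
            handle.flush()
            os.fsync(handle.fileno())
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; sshd must be able to read it
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

Calling `render` before `write_atomically` means a failed assertion leaves the existing file untouched.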

Development

This project uses:

  • Nix Development Shell for Development Tools
  • Direnv to manage attaching/detaching to the development environment
  • uv for Python and its dependencies

To run the project during development, execute:

uv run kanidm-authorized-keys