{"id":13883423,"url":"https://github.com/theodo/synckeys","last_synced_at":"2025-07-28T04:31:36.646Z","repository":{"id":45444517,"uuid":"41269313","full_name":"theodo/synckeys","owner":"theodo","description":"synckeys a simple tool to manage ssh keys of multiple people spread on multiple servers","archived":false,"fork":false,"pushed_at":"2021-12-13T18:02:22.000Z","size":11,"stargazers_count":18,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-07-04T04:20:09.936Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/theodo.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-23T22:05:32.000Z","updated_at":"2025-04-26T15:59:51.000Z","dependencies_parsed_at":"2022-09-10T02:22:18.834Z","dependency_job_id":null,"html_url":"https://github.com/theodo/synckeys","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/theodo/synckeys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2Fsynckeys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2Fsynckeys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2Fsynckeys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2Fsynckeys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/theodo","download_url":"https://codeload.github.com/theodo/synckeys/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2Fsynckeys/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267464040,"owners_count":24091491,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-28T02:00:09.689Z","response_time":68,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-06T09:01:30.820Z","updated_at":"2025-07-28T04:31:36.306Z","avatar_url":"https://github.com/theodo.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"========\nsynckeys\n========\n\nsynckeys is a simple project to manage the deployment of ssh keys of multiple people on multiple servers.\n\nThe usage is quite simple:\n * list all the ssh keys you want to manage in keys.yml\n * list all the projects in acl.yml and link them to the corresponding authorized keys\n * just run synckeys: all servers you are allowed to access will be synced with the correct keys\n\nThe principles behind synckeys\n==============================\n\n\nWhat you see is what you get is more secure\n-------------------------------------------\n\nThe list of projects is a straightforward yaml list:\n * much more readable than a shell script or a fancy provisioning\n * accessed much more often\n * by more people (devs and sysadmins) you trust\n\nTherefore you can expect the magic of self-management to happen and avoid some common pitfalls:\n * keys of people who are gone staying forever\n * generic access keys to be passed around\n\nAnd many more of the things you can expect when smart people you trust are able to take action easily when they see something wrong.\n\nEvery dev or sysadmin in the organisation can use it\n----------------------------------------------------\n\nThe syncing rule is simple: if you have a certain access on a server, you can give the same access to somebody else. But you naturally cannot give yourself or another accesses you do not have.\n\nThis might seem straightforward but this is not what you get when you use a solution like puppet, chef or ansible. These provisioning solutions are mostly run as root on the destination server, therefore disallowing a non-root user to contribute. Even if it is to give somebody else the access you are already trusted with.\n\n\n\nInstallation\n============\n\n   ::\n\n       sudo pip install synckeys\n\n\nConfiguration\n=============\n\nCreate a :key: `keys.yml` file\n---------------------------------\n\n\n::\n\n        fabriceb:\n            key: ssh-rsa AAAA...ffY5+++j\n            expires: ~\n        simonc:\n            key: ssh-rsa AABB...ffY5+++j\n            expires: 2015-12-31\n\n\nCreate a :lock: `acl.yml` file\n---------------------------------\n\n\n::\n\n      - name: superproject\n        servers:\n          - front.superproject.com\n          - db.superproject.com\n        users:\n          ubuntu:\n            sudoer: True\n            authorized_keys:\n              - simonc\n              - fabriceb\n          www-data:\n            authorized_keys:\n              - simonc\n              - fabriceb\n              - reynaldm\n              - adrieng\n\n      - name: otherproject\n        servers:\n          - 65.2.3.4\n        users:\n          root:\n            sudoer: True\n            authorized_keys:\n              - fabriceb\n          www-data:\n            authorized_keys:\n              - simonc\n              - fabriceb\n\n\n\nUsage\n=====\n\nSync everything you are allowed to sync:\n\n   ::\n\n       synckeys --key-name yourkeyname\n\n\nSync a specific project:\n\n   ::\n\n       synckeys --key-name yourkeyname --project superproject\n\n\nTODO :memo:\n===========\n\n-  [x] Remove expired keys\n-  [ ] Remove all keys in keys.yml if they are on the server but not in acl.yml\n-  [ ] Add an option to erase all keys that are not explicitly listed in acl.yml\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheodo%2Fsynckeys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftheodo%2Fsynckeys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheodo%2Fsynckeys/lists"}