https://github.com/jitesoft/docker-keybase-sshca
Docker image with Keybase & Keybase SSH CA Bot.
certificate-authority docker docker-image dockerfile hacktoberfest jitesoft keybase keybase-ssh-ca ssh
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/jitesoft/docker-keybase-sshca
- Owner: jitesoft
- License: mit
- Created: 2019-09-03T11:49:35.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-10-12T12:45:39.000Z (almost 5 years ago)
- Last Synced: 2025-05-09T00:37:08.752Z (5 months ago)
- Topics: certificate-authority, docker, docker-image, dockerfile, hacktoberfest, jitesoft, keybase, keybase-ssh-ca, ssh
- Language: Shell
- Homepage: https://github.com/keybase/bot-sshca
- Size: 86.9 KB
- Stars: 6
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# Keybase-SSH-CA

This image contains the [Keybase](https://keybase.io/) and [Keybase-sshca](https://github.com/keybase/bot-sshca) applications running on Ubuntu Linux.

## What is Keybase SSH CA?
A bot! A chat bot, which you can use as a certificate authority to sign SSH keys for use on your servers!
The easiest way to use it is via the `kssh` utility, which can be downloaded from the [official repository](https://github.com/keybase/bot-sshca).

## Tags
Tags are based on the keybase-sshca version.
Current releases have part of the commit SHA appended to the version, and every build includes that as a tag too: `1.0.0-7803a8d`.

Keybase-sshca is built from source and compiled for amd64 and arm64/aarch64.
### Docker Hub

* `jitesoft/keybase-sshca`
    * `latest`, `1.1.0`
    * `latest-alpine`, `1.1.0-alpine`

### GitLab

* `registry.gitlab.com/jitesoft/dockerfiles/keybase-sshca`
    * `latest`, `1.1.0`
* `registry.gitlab.com/jitesoft/dockerfiles/keybase-sshca/alpine`
    * `latest`, `1.1.0`

### Quay.io

* `quay.io/jitesoft/keybase-sshca`
    * `latest`, `1.1.0`
    * `latest-alpine`, `1.1.0-alpine`

The Dockerfile can be found at [GitLab](https://gitlab.com/jitesoft/dockerfiles/keybase-sshca) and [GitHub](https://github.com/jitesoft/docker-keybase-sshca).

### Image labels
This image follows the [Jitesoft image label specification 1.0.0](https://gitlab.com/snippets/1866155).
## Usage
For full documentation, check the [Keybase SSH CA Bot documentation](https://keybase-ssh-ca-bot.readthedocs.io/en/latest/index.html).
Startup of bot:
```shell
docker run -v "$(pwd)":/home/keybase/certificates jitesoft/keybase-sshca:1.0.0
```

To fine-tune the container to work with your channels, a few environment variables are available:
```dotenv
TEAMS="list.of.teams,separated.by.a.comma"
CHAT_CHANNEL="list.of.teams#and-channel,separated.by.a.comma#channel"
KEYBASE_USERNAME="your-bot-username" # I recommend that you create a new bot for this.
KEYBASE_PAPERKEY="Paperkey-for-bot" # Possible to generate quickly via the keybase cli.
KEYBASE_USERNAME_PATH="path-to-username-in-file" # File to use instead of above 'username' env variable.
KEYBASE_PAPERKEY_PATH="path-to-paperkey-in-file" # As above, but for the paperkey.
CA_KEY_LOCATION="/home/keybase/ca-cert" # Location where the key file should be or will be if generated by this image.
# Default is /home/keybase/ca-cert
KEY_EXPIRATION="+12h" # Expiration time (prefixed with + and suffixed with a unit, such as d, h, m).
KEYBASE_SSHCA_LOG_DIR="/home/keybase/.cache/keybase" # Path to directory where the logs of the keybase-ssh-ca bot should be placed.
# defaults to /home/keybase/.cache/keybase
# Note: logs are also printed to stdout.
STRICT_LOGGING="false" # Sets the logging to strict or not strict. (true or false)
ANNOUNCEMENT="" # A string/text that the bot will use to announce itself in a channel.
# The following placeholders are available: {USERNAME}, {CURRENT_TEAM}, {TEAMS}.
```

Most notable are the `KEYBASE_*`-prefixed username and paperkey variables: for each of them, either the plain environment variable or the `_PATH` file variant must be set for the bot to connect.
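
A preflight check for the settings above, as an added example that is not part of this image or of the bot: it verifies that a username and paper key are supplied in one of the two forms, that a paper key file is not accessible to group or others, and that `KEY_EXPIRATION` and `STRICT_LOGGING` have the documented shape. The function names and the owner-only permission rule are assumptions of this example, and paths are checked as seen by the process running it (for instance inside the container, before the bot starts).

```shell
#!/bin/sh
# Added example (not from the image): validate the settings before the bot starts.
# Prints one line per problem; sshca_preflight returns 0 only when none is found.

# $1 = variable name, $2 = its value, $3 = value of the matching *_PATH variable
_need_one() {
    if [ -z "$2" ] && [ -z "$3" ]; then
        echo "missing: set ${1} or ${1}_PATH"; return 1
    fi
    if [ -n "$3" ] && [ ! -r "$3" ]; then
        echo "unreadable: ${1}_PATH=$3"; return 1
    fi
    return 0
}

sshca_preflight() {
    rc=0
    # The bot cannot connect without a username and a paper key.
    _need_one KEYBASE_USERNAME "${KEYBASE_USERNAME:-}" "${KEYBASE_USERNAME_PATH:-}" || rc=1
    _need_one KEYBASE_PAPERKEY "${KEYBASE_PAPERKEY:-}" "${KEYBASE_PAPERKEY_PATH:-}" || rc=1

    # Policy of this example (an assumption): a paper key file must be owner-only.
    pk=${KEYBASE_PAPERKEY_PATH:-}
    if [ -n "$pk" ] && [ -f "$pk" ]; then
        perms=$(ls -ldL "$pk" | cut -c5-10)   # group and other permission bits
        if [ "$perms" != "------" ]; then
            echo "too open: $pk is accessible to group or others"; rc=1
        fi
    fi

    # Shape check only: "+" followed by number and unit, such as +12h.
    if [ -n "${KEY_EXPIRATION:-}" ] &&
        ! printf '%s\n' "$KEY_EXPIRATION" | grep -Eq '^\+([0-9]+[a-zA-Z])+$'; then
        echo "bad KEY_EXPIRATION: $KEY_EXPIRATION"; rc=1
    fi

    case "${STRICT_LOGGING:-false}" in
        true|false) ;;
        *) echo "bad STRICT_LOGGING: ${STRICT_LOGGING} (expected true or false)"; rc=1 ;;
    esac
    return "$rc"
}
```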
The Docker image will generate a set of `ecdsa` keys to use as CA keys if you don't supply them yourself, so it may be worth adding a persistent volume for them so that they do not disappear when the container restarts.

## Licenses
This repository and the files therein are released under the [MIT](https://gitlab.com/jitesoft/dockerfiles/keybase/blob/master/LICENSE) license.
Keybase is released under the [BSD 3-Clause "New" or "Revised"](https://github.com/keybase/client/blob/master/LICENSE) license.
Keybase-sshca is released under the [BSD 3-Clause "New" or "Revised"](https://github.com/keybase/bot-sshca/blob/master/LICENSE) license.