Secretive is an SSH key manager that utilizes hardware-backed security modules to generate and store non-exportable private keys. It integrates with secure enclaves to ensure that sensitive cryptographic material remains within the hardware and cannot be exported from the device.
The system implements a biometric authentication workflow, requiring fingerprint or wearable verification before a private key is released for signing operations. It also provides the ability to bridge signing requests to external hardware tokens for systems that lack a built-in secure enclave.
The project includes utilities for managing public key metadata, mapping keys to local files, and monitoring key usage through event-based access notifications. It further provides configuration options to integrate these hardware-backed authentication capabilities with external applications.
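The signing-request bridge described above is the SSH agent protocol, so the following added example (not Secretive's own code) shows the message framing a client and a hardware-backed agent exchange: the client only ever sends the public key blob and receives back a signature, which is what lets the private key stay inside the enclave. The key blob, comment and signature bytes are constructed placeholders, not real key material.

```python
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset off; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated agent message")
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Client -> agent: sign `data` with the key named by its public blob.
    Only the public blob crosses the socket; the agent alone decides whether
    to release a signature (Secretive gates that on biometric approval)."""
    body = bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob) + ssh_string(data) + struct.pack(">I", flags)
    return ssh_string(body)  # the whole message is length-prefixed on the wire

def parse_identities_answer(body: bytes):
    """Agent -> client: return [(key_type, comment)] for each offered key."""
    if not body or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an IDENTITIES_ANSWER")
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(body, off)
        comment, off = read_string(body, off)
        key_type, _ = read_string(blob, 0)  # a public blob starts with its algorithm name
        keys.append((key_type.decode(), comment.decode()))
    return keys

def parse_sign_response(body: bytes) -> bytes:
    """Agent -> client: the signature blob (algorithm name + raw signature)."""
    if not body or body[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("not a SIGN_RESPONSE")
    sig, _ = read_string(body, 1)
    return sig

# Constructed sample answer: one ECDSA P-256 key with a placeholder (not real) point.
SAMPLE_BLOB = ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256") + ssh_string(b"\x04" + b"\x11" * 64)
SAMPLE_ANSWER = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1) + ssh_string(SAMPLE_BLOB) + ssh_string(b"secretive-enclave-key")
```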