specify ssh dir (#2981)

* specify ssh dir

Signed-off-by: Joel Lau <[email protected]>

* added documentation, prefer GOPASS_SSHDIR

Signed-off-by: Joel Lau <[email protected]>

* check for empty path

Signed-off-by: Joel Lau <[email protected]>

---------

Signed-off-by: Joel Lau <[email protected]>

docs/backends/age.md

@@ -37,6 +37,11 @@ $  GOPASS_AGE_PASSWORD=mypassword gopass init --crypto age <age1...>
 Notice the extra space in front of the command to skip most shell's history.
 You'll need to set your name and username using `git` directly if you're using it as storage backend (the default one).
 
+You can also specify the ssh directory by setting environment variable
+```
+$  GOPASS_SSH_DIR=/Downloads/new_ssh_dir gopass init --crypto age <age1...>
+```
+
 ## Features
 
 * Encryption using `age` library, can be decrypted using the `age` CLI

docs/config.md

@@ -34,6 +34,7 @@ Some configuration options are only available through setting environment variab
 | `GOPASS_NO_NOTIFY`           | `bool`   | Set to any non-empty value to prevent notifications                                                                                                               |
 | `GOPASS_NO_REMINDER`         | `bool`   | Set to any non-empty value to prevent reminders                                                                                                                   |
 | `GOPASS_PW_DEFAULT_LENGTH`   | `int`    | Set to any integer value larger than zero to define a different default length in the `generate` command. By default the length is 24 characters.                 |
+| `GOPASS_SSH_DIR`             | `string` | Set to a filepath that contains ssh keys. Overrides default location. |
 | `GOPASS_UMASK`               | `octal`  | Set to any valid umask to mask bits of files created by gopass                                                                                                    |
 | `GOPASS_UNCLIP_CHECKSUM`     | `string` | (internal) Used between gopass and it's unclip helper.                                                                                                            |
 | `GOPASS_UNCLIP_NAME`         | `string` | (internal) Used between gopass and it's unclip helper.                                                                                                            |

internal/backend/crypto/age/ssh.go

@@ -32,14 +32,11 @@ func (a *Age) getSSHIdentities(ctx context.Context) (map[string]age.Identity, er
 		return sshCache, nil
 	}
 
-	// notice that this respects the GOPASS_HOMEDIR env variable, and won't
-	// find a .ssh folder in your home directory if you set GOPASS_HOMEDIR
-	uhd := appdir.UserHome()
-	sshDir := filepath.Join(uhd, ".ssh")
-	if !fsutil.IsDir(sshDir) {
+	sshDir, err := getSSHDir()
+	if err != nil {
 		debug.Log("no .ssh directory found at %s. Ignoring SSH identities", sshDir)
 
-		return nil, fmt.Errorf("no identities found: %w", ErrNoSSHDir)
+		return nil, fmt.Errorf("no identities found: %w", err)
 	}
 
 	files, err := os.ReadDir(sshDir)
@@ -69,6 +66,24 @@ func (a *Age) getSSHIdentities(ctx context.Context) (map[string]age.Identity, er
 	return ids, nil
 }
 
+func getSSHDir() (string, error) {
+	preferredPath := os.Getenv("GOPASS_SSH_DIR")
+	sshDir := filepath.Join(preferredPath, ".ssh")
+	if preferredPath != "" && fsutil.IsDir(sshDir) {
+		return preferredPath, nil
+	}
+
+	// notice that this respects the GOPASS_HOMEDIR env variable, and won't
+	// find a .ssh folder in your home directory if you set GOPASS_HOMEDIR
+	uhd := appdir.UserHome()
+	sshDir = filepath.Join(uhd, ".ssh")
+	if fsutil.IsDir(sshDir) {
+		return sshDir, nil
+	}
+
+	return "", ErrNoSSHDir
+}
+
 // parseSSHIdentity parses a SSH public key file and returns the recipient and the identity.
 func (a *Age) parseSSHIdentity(ctx context.Context, pubFn string) (string, age.Identity, error) {
 	privFn := strings.TrimSuffix(pubFn, ".pub")