Issue
I want to make my dotfiles portable, as many have done. A usual way is to create a directory that contains all my dotfiles and write a script using the "ln -s" command to create links where the dotfiles should be. So if I have this directory I can recover my configs on any machine.
But when it comes to the SSH keys, which I use for connecting to GitHub, should I include them in this directory? Would it be unsafe if I push the directory to a private repo on GitHub? Or are there better ways, so that I needn't regenerate the SSH key pairs and add the pub key to my GitHub account every time?
Solution
In general, you don't want to put secrets in Git repositories because it's very easy to leak them accidentally. This is true even if they're encrypted. Plus, if you don't put secrets in the repository, you can make the repo public, which makes setting dotfiles up easier in a lot of cases. As an example, GitHub Codespaces can't automatically deploy private dotfiles, but it handles public ones just fine.
The best practice for SSH keys is to use a separate pair per set of systems, or at least to compartmentalize them in a convenient way. For example, I have a key for my home environment and a set of keys for work, living on separate machines. This means that you don't need to get them across machines, which simplifies things, and GitHub supports this without a problem.
Note that if you're logging into remote systems, you can forward the SSH agent from your laptop or desktop without a problem, which avoids
If you need to log into systems from different physical terminals, you may try a password manager which can also act as an SSH agent (such as 1Password), or store your encrypted keys on a flash drive that you can plug in. Those are ways that should avoid the need to check them in but continue to allow them to be portable across machines.
Answered By - bk2204 Answer Checked By - Senaida (WPSolving Volunteer)
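An added example, not part of the original question or answer: a sketch of the "ln -s" install script the question describes, which refuses to link any file that begins with a PEM/OpenSSH private-key header (encrypted keys carry the same header), so a key that slipped into the dotfiles directory is noticed at install time. The function names and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example: the function names and layout are hypothetical.

# Return 0 if the first line of the file is a PEM/OpenSSH private-key header,
# e.g. "-----BEGIN OPENSSH PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----".
is_private_key() {
    head -n 1 "$1" 2>/dev/null |
        grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'
}

# link_dotfiles SRC DEST
# Symlink every regular file under SRC into DEST, keeping relative paths.
# Files that look like private keys are reported and skipped.
# Returns 0 if everything was linked, 1 if at least one key was found.
link_dotfiles() {
    src=$(cd "$1" && pwd) || return 2   # absolute path, so the links resolve
    dest=$2
    found=0
    list=$(mktemp) || return 2

    # Skip the repository metadata; list the tracked working files only.
    find "$src" -path "$src/.git" -prune -o -type f -print > "$list"

    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_private_key "$f"; then
            echo "refusing to link private key: $rel" >&2
            found=1
            continue
        fi
        mkdir -p "$dest/$(dirname "$rel")"
        ln -sf "$f" "$dest/$rel"
    done < "$list"

    rm -f "$list"
    return "$found"
}
```

Call it as `link_dotfiles ~/dotfiles "$HOME"`; a non-zero exit status means a key file is sitting in the dotfiles directory and should be removed from it (and from the repository history if it was ever committed).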