├── images ├── get_mfa_secret_key.png ├── mfa_setup_correctly.png ├── manage_virtual_mfa_device.png └── aws_iam_users_security_credentials.png ├── go.mod ├── LICENSE ├── .goreleaser.yml ├── main.go ├── cmd ├── qr.go ├── vault.go ├── root.go ├── add.go ├── otp.go └── list.go ├── install.sh ├── README.md └── go.sum /images/get_mfa_secret_key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StevenACoffman/keyfob/HEAD/images/get_mfa_secret_key.png -------------------------------------------------------------------------------- /images/mfa_setup_correctly.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StevenACoffman/keyfob/HEAD/images/mfa_setup_correctly.png -------------------------------------------------------------------------------- /images/manage_virtual_mfa_device.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StevenACoffman/keyfob/HEAD/images/manage_virtual_mfa_device.png -------------------------------------------------------------------------------- /images/aws_iam_users_security_credentials.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StevenACoffman/keyfob/HEAD/images/aws_iam_users_security_credentials.png -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/StevenACoffman/keyfob 2 | 3 | go 1.12 4 | 5 | require ( 6 | github.com/atotto/clipboard v0.1.2 7 | github.com/danieljoos/wincred v1.0.2 // indirect 8 | github.com/godbus/dbus v4.1.0+incompatible // indirect 9 | github.com/mdp/qrterminal v1.0.1 10 | github.com/mitchellh/go-homedir v1.1.0 11 | github.com/spf13/cobra v0.0.5 12 | github.com/spf13/viper v1.4.0 13 | github.com/zalando/go-keyring v0.0.0-20190603084339-02404fc6afd1 14 | ) 15 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright © 2019 StevenACoffman 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | # This is an example goreleaser.yaml file with some sane defaults. 2 | # Make sure to check the documentation at http://goreleaser.com 3 | before: 4 | hooks: 5 | # you may remove this if you don't use vgo 6 | - go mod download 7 | # you may remove this if you don't need go generate 8 | - go generate ./... 9 | builds: 10 | - env: 11 | - CGO_ENABLED=0 12 | archives: 13 | - replacements: 14 | darwin: Darwin 15 | linux: Linux 16 | windows: Windows 17 | 386: i386 18 | amd64: x86_64 19 | checksum: 20 | name_template: 'checksums.txt' 21 | snapshot: 22 | name_template: "{{ .Tag }}-next" 23 | changelog: 24 | sort: asc 25 | filters: 26 | exclude: 27 | - '^docs:' 28 | - '^test:' 29 | brews: 30 | - 31 | name: keyfob 32 | github: 33 | owner: StevenACoffman 34 | name: homebrew-keyfob 35 | folder: Formula 36 | homepage: "https://github.com/StevenACoffman/keyfob" 37 | description: keyfob - a two-factor authentication agent suitable for AWS and Github 38 | test: | 39 | system "#{bin}/keyfob", "--version" 40 | install: | 41 | bin.install "keyfob" => "keyfob" 42 | 43 | prefix.install_metafiles -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | /* 2 | The MIT License (MIT) 3 | 4 | Copyright © 2019 StevenACoffman 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | THE SOFTWARE. 23 | */ 24 | package main 25 | 26 | import ( 27 | "github.com/StevenACoffman/keyfob/cmd" 28 | "log" 29 | ) 30 | 31 | func main() { 32 | log.SetPrefix("keyfob: ") 33 | log.SetFlags(0) 34 | cmd.Execute() 35 | } 36 | -------------------------------------------------------------------------------- /cmd/qr.go: -------------------------------------------------------------------------------- 1 | // Package cmd is the entry points for all commands 2 | package cmd 3 | 4 | import ( 5 | "encoding/base32" 6 | "fmt" 7 | "github.com/mdp/qrterminal" 8 | "github.com/spf13/cobra" 9 | "github.com/zalando/go-keyring" 10 | "log" 11 | "os" 12 | osUser "os/user" 13 | ) 14 | 15 | // qrCmd represents the qr command 16 | var qrCmd = &cobra.Command{ 17 | Use: "qr [key name]", 18 | Short: "Generate a QR Code for the named key", 19 | Long: `qr [key name] prints a QR Code for the key with the given name. 20 | This can be useful for backing up QR Codes to Google Authenticator or Authy or whatever.`, 21 | Args: cobra.ExactArgs(1), 22 | Run: func(cmd *cobra.Command, args []string) { 23 | 24 | service := "keyfob" 25 | keyName := args[0] 26 | 27 | err := generateQRCode(service, keyName) 28 | if err != nil { 29 | log.Fatal(err) 30 | return 31 | } 32 | }, 33 | } 34 | 35 | func generateQRCode(service, keyName string) error { 36 | secret, err := keyring.Get(service, keyName) 37 | if err != nil { 38 | return err 39 | } 40 | raw, err := decodeKey(secret) 41 | if err != nil { 42 | return fmt.Errorf("%s: malformed key", secret) 43 | } 44 | 45 | currentUser, err := osUser.Current() 46 | if err != nil { 47 | return err 48 | } 49 | uri := fmt.Sprintf("otpauth://totp/%s@%s?secret=%s&issuer=%s", 50 | keyName+":"+currentUser.Username, 51 | keyName, 52 | base32.StdEncoding.EncodeToString(raw), 53 | keyName, 54 | ) 55 | 56 | qrterminal.Generate(uri, qrterminal.L, os.Stderr) 57 | return nil 58 | } 59 | func init() { 60 | rootCmd.AddCommand(qrCmd) 61 | } 62 | -------------------------------------------------------------------------------- /cmd/vault.go: -------------------------------------------------------------------------------- 1 | // Package cmd is the entry points for all commands 2 | package cmd 3 | 4 | import ( 5 | "fmt" 6 | "github.com/spf13/cobra" 7 | "log" 8 | "os/exec" 9 | ) 10 | 11 | // vaultCmd represents the vault command 12 | var vaultCmd = &cobra.Command{ 13 | Use: "vault [key name] [aws profile]", 14 | Short: "AWS credential helper using AWS Vault and Time-based One Time Password", 15 | Long: `"vault [key name] [aws profile] will act as an AWS credential helper using 16 | AWS Vault and Time-based One Time Password 17 | Ref: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes`, 18 | Args: cobra.ExactArgs(2), 19 | Run: func(cmd *cobra.Command, args []string) { 20 | service := "keyfob" 21 | user := args[0] 22 | profile := args[1] 23 | codeText, err := generateTOTP(service, user) 24 | if err != nil { 25 | log.Fatal(err) 26 | return 27 | } 28 | out, err := exec.Command( 29 | "aws-vault", "exec", "--mfa-token="+codeText, "-j", profile).CombinedOutput() 30 | fmt.Println(string(out)) 31 | if err != nil { 32 | log.Fatalf("aws-vault returned %v", err) 33 | } 34 | }, 35 | } 36 | 37 | func init() { 38 | rootCmd.AddCommand(vaultCmd) 39 | 40 | // Here you will define your flags and configuration settings. 41 | 42 | // Cobra supports Persistent Flags which will work for this command 43 | // and all subcommands, e.g.: 44 | // vaultCmd.PersistentFlags().String("foo", "", "A help for foo") 45 | 46 | // Cobra supports local flags which will only run when this command 47 | // is called directly, e.g.: 48 | // vaultCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") 49 | } 50 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Script will setup pretty much everything you need 4 | 5 | # Installing keyfob 6 | 7 | if [ ! -x "$(command -v keyfob)" ]; then 8 | echo "keyfob is not installed, so I'm going to go grab the mac one for you" 9 | if [ ! -x "$(command -v brew)" ]; then 10 | KEYFOB_RELEASE='0.4.0' 11 | echo "Homebrew is not installed, so I'm going to grab the v${KEYFOB_RELEASE} current release from github" 12 | wget -O - "https://github.com/StevenACoffman/keyfob/releases/download/v${KEYFOB_RELEASE}/keyfob_${KEYFOB_RELEASE}_Darwin_x86_64.tar.gz" | tar xzvf 13 | mkdir -p /usr/local/bin 14 | mv keyfob /usr/local/bin 15 | else 16 | echo "Using homebrew and tapping StevenACoffman/keyfob" 17 | brew tap StevenACoffman/keyfob 18 | brew install keyfob 19 | fi 20 | 21 | fi 22 | 23 | if [ ! -x "$(command -v aws-vault)" ]; then 24 | echo "keyfob is not installed, so I'm going to go grab the mac one for you" 25 | if [ ! -x "$(command -v brew)" ]; then 26 | echo "Homebrew is not installed, so I'm **NOT** going to install aws-vault for you automatically" 27 | else 28 | echo "Using homebrew cask to install aws-vault" 29 | brew cask install aws-vault 30 | fi 31 | 32 | fi 33 | 34 | filename="${HOME}/.2fa" 35 | 36 | if [ -f $filename ]; then 37 | echo "Snarfing secrets from 2fa for you" 38 | cat $filename | while read line 39 | do 40 | SIZE="$(echo $line | awk '{print $2}')" 41 | KEY="$(echo $line | awk '{print $1}')" 42 | VALUE="$(echo $line | awk '{print $3}')" 43 | echo "Processing $KEY" >/dev/tty 44 | keyfob add "${KEY}" "${VALUE}" 45 | done 46 | else 47 | echo "${filename} does not exist so not automatically copying any keys from 2fa" 48 | fi 49 | -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- 1 | // Package cmd is the entry points for all commands 2 | package cmd 3 | 4 | import ( 5 | "fmt" 6 | "github.com/spf13/cobra" 7 | "os" 8 | 9 | homedir "github.com/mitchellh/go-homedir" 10 | "github.com/spf13/viper" 11 | ) 12 | 13 | var cfgFile string 14 | 15 | // rootCmd represents the base command when called without any subcommands 16 | var rootCmd = &cobra.Command{ 17 | Use: "keyfob", 18 | Short: "keyfob is a two-factor authentication agent suitable for AWS and Github.", 19 | Long: `keyfob is a two-factor authentication agent suitable for AWS and Github. Works pretty much the same as Google Authenticator or Authy, but uses your laptop's keychain.`, 20 | Version: "0.3.0", 21 | // Uncomment the following line if your bare application 22 | // has an action associated with it: 23 | // Run: func(cmd *cobra.Command, args []string) { }, 24 | } 25 | 26 | // Execute adds all child commands to the root command and sets flags appropriately. 27 | // This is called by main.main(). It only needs to happen once to the rootCmd. 28 | func Execute() { 29 | if err := rootCmd.Execute(); err != nil { 30 | fmt.Println(err) 31 | os.Exit(1) 32 | } 33 | } 34 | 35 | func init() { 36 | cobra.OnInitialize(initConfig) 37 | 38 | } 39 | 40 | // initConfig reads in config file and ENV variables if set. 41 | func initConfig() { 42 | if cfgFile != "" { 43 | // Use config file from the flag. 44 | viper.SetConfigFile(cfgFile) 45 | } else { 46 | // Find home directory. 47 | home, err := homedir.Dir() 48 | if err != nil { 49 | fmt.Println(err) 50 | os.Exit(1) 51 | } 52 | 53 | // Search config in home directory with name ".keyfob" (without extension). 54 | viper.AddConfigPath(home) 55 | viper.SetConfigName(".keyfob") 56 | } 57 | 58 | viper.AutomaticEnv() // read in environment variables that match 59 | 60 | // If a config file is found, read it in. 61 | if err := viper.ReadInConfig(); err == nil { 62 | fmt.Println("Using config file:", viper.ConfigFileUsed()) 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /cmd/add.go: -------------------------------------------------------------------------------- 1 | // Package cmd is the entry points for all commands 2 | package cmd 3 | 4 | import ( 5 | "bufio" 6 | "github.com/spf13/cobra" 7 | "github.com/zalando/go-keyring" 8 | "log" 9 | "os" 10 | "strings" 11 | "unicode" 12 | ) 13 | 14 | // addCmd represents the add command 15 | var addCmd = &cobra.Command{ 16 | Use: "add [key name] [optional key value]", 17 | Short: "adds or overwrites a new key to the keychain with the given name", 18 | Long: `adds or overwrites a new key to the keychain with the given name. 19 | It prints a prompt to standard error and reads a two-factor key from standard input. 20 | Two-factor keys are short case-insensitive strings of letters A-Z and digits 2-7.`, 21 | Args: cobra.RangeArgs(1, 2), 22 | Run: func(cmd *cobra.Command, args []string) { 23 | 24 | service := "keyfob" 25 | name := args[0] 26 | 27 | var text string 28 | 29 | if len(args) == 1 { 30 | log.Printf("enter key secret to add for %s: ", name) 31 | text, err := bufio.NewReader(os.Stdin).ReadString('\n') 32 | if err != nil { 33 | log.Fatalf("error reading key: %v", err) 34 | } 35 | text = strings.Map(noSpace, text) 36 | text += strings.Repeat("=", -len(text)&7) // pad to 8 bytes 37 | 38 | } else { 39 | 40 | text = args[1] 41 | } 42 | 43 | if _, err := decodeKey(text); err != nil { 44 | log.Fatalf("invalid key: %v", err) 45 | } 46 | 47 | err := keyring.Set(service, name, text) 48 | if err != nil { 49 | log.Fatalf("Unable to write application password for keyfob: %v", err) 50 | } 51 | }, 52 | } 53 | 54 | func init() { 55 | rootCmd.AddCommand(addCmd) 56 | 57 | // Here you will define your flags and configuration settings. 58 | 59 | // Cobra supports Persistent Flags which will work for this command 60 | // and all subcommands, e.g.: 61 | // addCmd.PersistentFlags().String("foo", "", "A help for foo") 62 | 63 | // Cobra supports local flags which will only run when this command 64 | // is called directly, e.g.: 65 | // addCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") 66 | } 67 | 68 | func noSpace(r rune) rune { 69 | if unicode.IsSpace(r) { 70 | return -1 71 | } 72 | return r 73 | } 74 | -------------------------------------------------------------------------------- /cmd/otp.go: -------------------------------------------------------------------------------- 1 | // Package cmd is the entry points for all commands 2 | package cmd 3 | 4 | import ( 5 | "crypto/hmac" 6 | "crypto/sha1" 7 | "encoding/base32" 8 | "encoding/binary" 9 | "fmt" 10 | "github.com/atotto/clipboard" 11 | "github.com/spf13/cobra" 12 | "github.com/zalando/go-keyring" 13 | "log" 14 | "strings" 15 | "time" 16 | ) 17 | 18 | // otpCmd represents the otp command 19 | var otpCmd = &cobra.Command{ 20 | Use: "otp [key name]", 21 | Short: "Generate a One Time Password for the named key", 22 | Long: `otp [key name] prints a two-factor authentication code from the key with the given name. 23 | If -clip is specified, otp also copies to the code to the system clipboard. 24 | With no arguments, otp prints two-factor authentication codes from all known time-based keys. 25 | 26 | The default time-based authentication codes are derived from a hash of the key and the current time, 27 | so it is important that the system clock have at least one-minute accuracy.`, 28 | Args: cobra.ExactArgs(1), 29 | Run: func(cmd *cobra.Command, args []string) { 30 | 31 | service := "keyfob" 32 | keyName := args[0] 33 | 34 | codeText, err := generateTOTP(service, keyName) 35 | if err != nil { 36 | log.Fatal(err) 37 | return 38 | } 39 | 40 | if clip { 41 | clipboard.WriteAll(codeText) 42 | } 43 | //fmt has no prefix, log does 44 | fmt.Printf("%s\n", codeText) 45 | 46 | }, 47 | } 48 | 49 | func generateTOTP(service, keyName string) (string, error) { 50 | secret, err := keyring.Get(service, keyName) 51 | if err != nil { 52 | return "", err 53 | } 54 | raw, err := decodeKey(secret) 55 | if err != nil { 56 | return "", fmt.Errorf("%s: malformed key", secret) 57 | } 58 | code := totp(raw, time.Now(), 6) 59 | codeText := fmt.Sprintf("%0*d", 6, code) 60 | 61 | return codeText, nil 62 | } 63 | 64 | var clip bool 65 | 66 | func init() { 67 | rootCmd.AddCommand(otpCmd) 68 | 69 | // Here you will define your flags and configuration settings. 70 | 71 | // Cobra supports Persistent Flags which will work for this command 72 | // and all subcommands, e.g.: 73 | // otpCmd.PersistentFlags().String("foo", "", "A help for foo") 74 | 75 | // Cobra supports local flags which will only run when this command 76 | // is called directly, e.g.: 77 | otpCmd.Flags().BoolVarP(&clip, "clip", "c", false, "If -clip is specified, also copies the code to the system clipboard.") 78 | } 79 | 80 | func decodeKey(key string) ([]byte, error) { 81 | return base32.StdEncoding.DecodeString(strings.ToUpper(key)) 82 | } 83 | 84 | func hotp(key []byte, counter uint64, digits int) int { 85 | h := hmac.New(sha1.New, key) 86 | binary.Write(h, binary.BigEndian, counter) 87 | sum := h.Sum(nil) 88 | v := binary.BigEndian.Uint32(sum[sum[len(sum)-1]&0x0F:]) & 0x7FFFFFFF 89 | d := uint32(1) 90 | for i := 0; i < digits && i < 8; i++ { 91 | d *= 10 92 | } 93 | return int(v % d) 94 | } 95 | 96 | func totp(key []byte, t time.Time, digits int) int { 97 | return hotp(key, uint64(t.UnixNano())/30e9, digits) 98 | } 99 | -------------------------------------------------------------------------------- /cmd/list.go: -------------------------------------------------------------------------------- 1 | // Package cmd is the entry points for all commands 2 | package cmd 3 | 4 | import ( 5 | "fmt" 6 | "github.com/spf13/cobra" 7 | "log" 8 | "os/exec" 9 | "strings" 10 | ) 11 | 12 | const ( 13 | execPathKeychain = "/usr/bin/security" 14 | ) 15 | 16 | // listCmd represents the list command 17 | var listCmd = &cobra.Command{ 18 | Use: "list", 19 | Short: "A brief description of your command", 20 | Long: `A longer description that spans multiple lines and likely contains examples 21 | and usage of using your command. For example: 22 | 23 | Cobra is a CLI library for Go that empowers applications. 24 | This application is a tool to generate the needed files 25 | to quickly create a Cobra application.`, 26 | Args: cobra.NoArgs, 27 | Run: func(cmd *cobra.Command, args []string) { 28 | List("keyfob") 29 | }, 30 | } 31 | 32 | func parseValue(line string) string { 33 | words := strings.FieldsFunc(line, func(r rune) bool { 34 | if r == '"' { 35 | return true 36 | } 37 | return false 38 | }) 39 | if len(words) > 3 { 40 | return words[3] 41 | } 42 | return "" 43 | } 44 | 45 | // List shows secret key names, identified by service, from the keyring. 46 | func List(service string) (string, error) { 47 | out, err := exec.Command( 48 | execPathKeychain, 49 | "dump-keychain").CombinedOutput() 50 | 51 | if err != nil { 52 | log.Fatal(err) 53 | } 54 | outString := string(out) 55 | 56 | parseDump(outString) 57 | 58 | return "", nil 59 | } 60 | 61 | func parseDump(keychainDump string) { 62 | lines := strings.FieldsFunc(keychainDump, func(r rune) bool { 63 | if r == '\n' { 64 | return true 65 | } 66 | return false 67 | }) 68 | classMatches := false 69 | account := "" 70 | serviceMatches := false 71 | for _, line := range lines { 72 | 73 | if strings.HasPrefix(line, "keychain:") { 74 | if classMatches && serviceMatches { 75 | fmt.Println(account) 76 | } 77 | classMatches = false 78 | account = "" 79 | serviceMatches = false 80 | } 81 | if strings.HasPrefix(line, "class:") { 82 | classMatches = line == "class: \"genp\"" 83 | } 84 | if strings.HasPrefix(line, " \"acct\"=\"") { 85 | account = parseValue(line) 86 | } 87 | if strings.HasPrefix(line, " \"svce\"=\"") { 88 | serviceMatches = parseValue(line) == "keyfob" 89 | } 90 | } 91 | // if the very last one was a match, this catches it 92 | if classMatches && serviceMatches { 93 | fmt.Println(account) 94 | } 95 | } 96 | 97 | func init() { 98 | rootCmd.AddCommand(listCmd) 99 | 100 | // Here you will define your flags and configuration settings. 101 | 102 | // Cobra supports Persistent Flags which will work for this command 103 | // and all subcommands, e.g.: 104 | // listCmd.PersistentFlags().String("foo", "", "A help for foo") 105 | 106 | // Cobra supports local flags which will only run when this command 107 | // is called directly, e.g.: 108 | // listCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") 109 | } 110 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![GoDoc](https://godoc.org/github.com/StevenACoffman/keyfob?status.svg)](https://godoc.org/github.com/StevenACoffman/keyfob) 2 | [![GoReportcard](https://goreportcard.com/badge/github.com/StevenACoffman/keyfob?status.svg)](https://goreportcard.com/report/github.com/StevenACoffman/keyfob) 3 | # Keyfob 4 | keyfob is a two-factor authentication agent suitable for AWS and Github. Works pretty much the same as Google Authenticator or Authy, but uses your laptop's keychain. 5 | 6 | ## Installation 7 | 8 | If you use homebrew: 9 | 10 | ``` 11 | brew tap StevenACoffman/keyfob 12 | brew install keyfob 13 | ``` 14 | Any subsequent releases should get picked up automatically with `brew upgrade` 15 | 16 | If don't use homewbrew, and you're on a mac, you can just do this: 17 | 18 | wget -O - https://raw.githubusercontent.com/StevenACoffman/keyfob/master/install.sh | bash 19 | 20 | 21 | This will download the github 0.3.0 binary release for mac, and move any of your MFA secrets from `2fa` over to your keychain. 22 | 23 | ## Usage 24 | 25 | keyfob add [name] [key] 26 | keyfob otp [name] 27 | keyfob list 28 | keyfob qr [name] 29 | keyfob vault [name] [profile] 30 | keyfob help 31 | 32 | + `keyfob add name` adds a new key to the keyfob keychain with the given name. It 33 | prints a prompt to standard error and reads a two-factor key from standard 34 | input. Two-factor keys are short case-insensitive strings of letters A-Z and 35 | digits 2-7. 36 | 37 | The new key generates time-based (TOTP) authentication codes. 38 | 39 | + `keyfob otp [name]` prints a One Time Password (aka two-factor authentication) code from the key with the 40 | given name. If `--clip` is specified, `keyfob` also copies to the code to the system 41 | clipboard. 42 | 43 | + `keyfob list` prints the names of all the added keys, if any. 44 | 45 | + `keyfob qr [name]` prints a QR Code for the key with the given name. This can be useful for backing up QR Codes to Google Authenticator or Authy or whatever. 46 | 47 | + `keyfob vault [name] [profile]` acts as a will act as an [AWS credential helper](https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes) using [AWS Vault](https://github.com/99designs/aws-vault/) and a One Time Password. 48 | 49 | The Time-based One Time Password (TOTP) authentication codes are derived from a hash of the 50 | key and the current time, so it is important that the system clock have at 51 | least one-minute accuracy. 52 | 53 | The keychain is stored unencrypted in the text file `$HOME/.keyfob`. 54 | 55 | ## Example 56 | 57 | During GitHub 2FA setup, at the “Scan this barcode with your app” step, 58 | click the “enter this text code instead” link. A window pops up showing 59 | “your two-factor secret,” a short string of letters and digits. 60 | 61 | Add it to keyfob under the name github and append the secret: 62 | 63 | $ keyfob add github nzxxiidbebvwk6jb 64 | 65 | Then whenever GitHub prompts for a 2FA code, run keyfob to obtain one: 66 | 67 | $ keyfob otp github 68 | 268346 69 | 70 | ## Derivation (Credit where Credit is due) 71 | 72 | This is just a little toy cobbled together from [2fa](https://github.com/rsc/2fa/), [cobra](https://github.com/spf13/cobra), and [go-keyring](https://github.com/zalando/go-keyring) and using [goreleaser](https://github.com/goreleaser/goreleaser). 73 | The directions I had below this were confusing, so I stole some of the directions from [this article on how to do a similar thing with a yubikey](https://hackernoon.com/use-a-yubikey-as-a-mfa-device-to-replace-google-authenticator-b4f4c0215f2). 74 | 75 | ## Really, does this make sense? 76 | 77 | At least to me, it does. My laptop features encrypted storage, a stronger authentication mechanism, and I take good care of its physical integrity. 78 | 79 | My phone also runs arbitrary apps, is constantly connected to the Internet, gets forgotten on tables. 80 | 81 | Thanks to the convenience of a command line utility, I'm more likely to enable MFA in more places. 82 | 83 | Clearly a win for security. 84 | 85 | ## Dependencies 86 | 87 | #### OS X 88 | 89 | The OS X implementation depends on the `/usr/bin/security` binary for 90 | interfacing with the OS X keychain. It should be available by default. 91 | 92 | #### Linux 93 | 94 | The Linux implementation depends on the [Secret Service][SecretService] dbus 95 | interface, which is provided by [GNOME Keyring](https://wiki.gnome.org/Projects/GnomeKeyring). 96 | 97 | It's expected that the default collection `login` exists in the keyring, because 98 | it's the default in most distros. If it doesn't exist, you can create it through the 99 | keyring frontend program [Seahorse](https://wiki.gnome.org/Apps/Seahorse): 100 | 101 | * Open `seahorse` 102 | * Go to **File > New > Password Keyring** 103 | * Click **Continue** 104 | * When asked for a name, use: **login** 105 | 106 | 107 | ## Usage with aws-vault 108 | 109 | This assumes you have installed `keyfob` and `aws-vault` but need to set up your secrets. See [aws-vault](https://github.com/99designs/aws-vault) for instructions on setting that up. 110 | 111 | __*Note:*__ Your own organization __*might*__ have a different preferred `source_profile` name from `source` below, and your AWS account number is probably not `111111111111`. 112 | 113 | 1. Skip to **[2](#2)** if you already added your AWS access key and secret access key to aws vault. Otherwise do this: 114 | ``` 115 | $ brew cask install aws-vault 116 | $ brew install go zbar awscli 117 | $ aws-vault add source --keychain login 118 | ``` 119 | 120 | 2. Go to the AWS Web console to [make a new MFA token](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-iam-user). 121 | 122 | 3. After login, go to IAM > Users and click in your user name. Then you need to click on the “Security credentials” tab. 123 | 124 | 125 | 4. To assign an MFA device, just click Manage. If you have an existing one, you must remove it. In the next screen, select “Virtual MFA device”. 126 | 127 | 128 | 5. Here you can choose to show the QR code or to show the text of the MFA secret key. For our purposes, we want the secret key only. 129 | 130 | 131 | 6. Add your MFA secret (from above) to keyfob: 132 | ``` 133 | keyfob add aws-source 134 | ``` 135 | 136 | 7. Then run `keyfob otp aws-source` a few times, to get two different, but consecutive 6-digit codes and complete the set up. 137 | 138 | 139 | 8. Add to your `.aws/config` file something like this: 140 | ``` 141 | [default] 142 | credential_process = keyfob vault aws-source engineer 143 | region = us-east-1 144 | output = json 145 | 146 | [profile source] 147 | region = us-east-1 148 | mfa_serial = arn:aws:iam::111111111111:mfa/scoffman 149 | 150 | [profile engineer] 151 | mfa_serial = arn:aws:iam::111111111111:mfa/scoffman 152 | region = us-east-1 153 | role_arn = arn:aws:iam::111111111111:role/put-power-role-here 154 | source_profile = source 155 | ``` 156 | 9. Run `aws-vault add source --keychain login` and provide your AWS secret access key and AWS access key when prompted. 157 | 158 | Here `default` profile depends on `engineer` profile which depends on `source` profile. 159 | 1. The `default` profile specifies a `credential_process`, which will tell `keyfob` to use the `engineer` profile when invoking `aws-vault` 160 | 2. The `engineer` profile specifies a `source_profile` which uses the `source` profile for credentials in `aws-vault`. 161 | 3. The `source` profile has credentials stored by `aws-vault` in the keychain. 162 | 163 |
:bulb: NOTE: Make sure you've edited and replaced the AWS account, userid, and power-role above.
164 | 165 | If your AWS user doesn't need to assume a privileged role, then omit the `engineer` profile and use `keyfob vault aws-source source` as the `credential_process`. 166 | 167 | You also don't have to make the keyfob profile be the default, but some AWS SDKs (looking at you Java) may struggle otherwise. 168 | 169 | You also may want to export something like these environment variables in your `.bash_profile` or `.bashrc` (or whatever zsh uses): 170 | ``` 171 | export AWS_MY_USERNAME='scoffman' 172 | export AWS_SDK_LOAD_CONFIG=true 173 | export AWS_REGION="us-east-1" 174 | export AWS_DEFAULT_REGION="us-east-1" 175 | export AWS_DEFAULT_OUTPUT="json" 176 | export AWS_VAULT_KEYCHAIN_NAME='login' 177 | export AWS_MFA_NAME='aws-source' 178 | # 3600s is max for chaining roles 179 | export AWS_ASSUME_ROLE_TTL='3600s' 180 | export AWS_SESSION_TTL='12h' 181 | export AWS_FEDERATION_TOKEN_TTL='12h' 182 | ``` 183 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= 3 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 4 | github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= 5 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 6 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 7 | github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= 8 | github.com/atotto/clipboard v0.1.2 h1:YZCtFu5Ie8qX2VmVTBnrqLSiU9XOWwqNRmdT3gIQzbY= 9 | github.com/atotto/clipboard v0.1.2/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= 10 | github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= 11 | github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= 12 | github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= 13 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 14 | github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= 15 | github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= 16 | github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= 17 | github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= 18 | github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= 19 | github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 20 | github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= 21 | github.com/danieljoos/wincred v1.0.2 h1:zf4bhty2iLuwgjgpraD2E9UbvO+fe54XXGJbOwe23fU= 22 | github.com/danieljoos/wincred v1.0.2/go.mod h1:SnuYRW9lp1oJrZX/dXJqr0cPK5gYXqx3EJbmjhLdK9U= 23 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 24 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 25 | github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= 26 | github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= 27 | github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= 28 | github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 29 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 30 | github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= 31 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= 32 | github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= 33 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= 34 | github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= 35 | github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= 36 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 37 | github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= 38 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 39 | github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 40 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 41 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 42 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 43 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 44 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 45 | github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 46 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= 47 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= 48 | github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= 49 | github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= 50 | github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= 51 | github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= 52 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= 53 | github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= 54 | github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= 55 | github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= 56 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 57 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 58 | github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= 59 | github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= 60 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 61 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 62 | github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= 63 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 64 | github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= 65 | github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 66 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 67 | github.com/mdp/qrterminal v1.0.1 h1:07+fzVDlPuBlXS8tB0ktTAyf+Lp1j2+2zK3fBOL5b7c= 68 | github.com/mdp/qrterminal v1.0.1/go.mod h1:Z33WhxQe9B6CdW37HaVqcRKzP+kByF3q/qLxOGe12xQ= 69 | github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= 70 | github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= 71 | github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= 72 | github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 73 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= 74 | github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= 75 | github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= 76 | github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 77 | github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 78 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 79 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 80 | github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 81 | github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= 82 | github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 83 | github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 84 | github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= 85 | github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= 86 | github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= 87 | github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= 88 | github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= 89 | github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= 90 | github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= 91 | github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= 92 | github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= 93 | github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= 94 | github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI= 95 | github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= 96 | github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= 97 | github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= 98 | github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s= 99 | github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= 100 | github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= 101 | github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= 102 | github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= 103 | github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 104 | github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= 105 | github.com/spf13/viper v1.4.0 h1:yXHLWeravcrgGyFSyCgdYpXQ9dR9c/WED3pg1RhxqEU= 106 | github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= 107 | github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= 108 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 109 | github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= 110 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 111 | github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 112 | github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= 113 | github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= 114 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= 115 | github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= 116 | github.com/zalando/go-keyring v0.0.0-20190603084339-02404fc6afd1 h1:kuqxQDUfc9G+99kN1RNlbw6ob1OPWkyQ0kWgCIeZjWk= 117 | github.com/zalando/go-keyring v0.0.0-20190603084339-02404fc6afd1/go.mod h1:XlXBIfkGawHNVOHlenOaBW7zlfCh8LovwjOgjamYnkQ= 118 | go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= 119 | go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= 120 | go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= 121 | go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= 122 | golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 123 | golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 124 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 125 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 126 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 127 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 128 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 129 | golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 130 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 131 | golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= 132 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 133 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 134 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 135 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 136 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 137 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 138 | golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 139 | golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 140 | golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 141 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= 142 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 143 | golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= 144 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 145 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 146 | golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 147 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 148 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 149 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 150 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 151 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 152 | google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 153 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= 154 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 155 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= 156 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 157 | gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= 158 | gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= 159 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 160 | gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= 161 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 162 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 163 | rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY= 164 | rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs= 165 | --------------------------------------------------------------------------------