Using Secretive and TouchID for sshing
What is Secretive?
Secretive is an open-source macOS app for protecting and managing SSH keys with the Secure Enclave.
How do I set it up?
Download the app from https://github.com/maxgoedjen/secretive/releases and drag it to your Applications folder.
Launch the app and create an ssh key. You can choose to require TouchID each time the key is used or simply be notified when the key is used.

Set up SSH_AUTH_SOCK in your zshrc or bashrc to point to Secretive’s agent.

    % cat ~/.zshrc
    export SSH_AUTH_SOCK=/Users/bk/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh

Refresh your shell config:

    source ~/.zshrc

Grab the public ssh key from Secretive.

Upload your public key to whatever service you are interested in authenticating to, such as GitHub or DigitalOcean.


Try to use your ssh key. For example, if you uploaded your key to GitHub for auth, you can test your connection to GitHub:

    ssh -T git@github.com

Secretive’s SecretAgent should prompt you for TouchID in order to access the private key.

If you have an Apple Watch, you can even approve the access from your watch!

In the case of GitHub, if your authentication was successful you will see this:
Hi discentem! You've successfully authenticated, but GitHub does not provide shell access.
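
To confirm the setup above before relying on it, the following added example (not from the original post or the Secretive project) checks that SSH_AUTH_SOCK points at Secretive's socket and that the agent offers a key. The function names are hypothetical, the socket path follows the export line above with $HOME in place of /Users/bk, and it assumes Secure Enclave keys are listed by ssh-add -L as ecdsa-sha2-nistp256.

```shell
#!/bin/sh
# Added example: confirm this shell will talk to Secretive's agent and not
# another ssh-agent. Helper names are made up for this example.

# Assumption: same container path as the export line in ~/.zshrc above.
EXPECTED_SOCK="$HOME/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh"

# check_sock PATH EXPECTED
# 0 = PATH is the expected socket, 1 = PATH is empty, 2 = PATH differs from
# EXPECTED, 3 = nothing there or not a Unix socket (agent not running).
check_sock() {
    [ -n "$1" ] || return 1
    [ "$1" = "$2" ] || return 2
    [ -S "$1" ] || return 3
    return 0
}

# count_enclave_keys: reads `ssh-add -L` output on stdin and prints how many
# listed keys are ecdsa-sha2-nistp256 (assumed type of Secure Enclave keys).
count_enclave_keys() {
    awk '$1 == "ecdsa-sha2-nistp256" { n++ } END { print n + 0 }'
}

verify_secretive_agent() {
    rc=0
    check_sock "${SSH_AUTH_SOCK:-}" "$EXPECTED_SOCK" || rc=$?
    case $rc in
        1) echo "SSH_AUTH_SOCK is not set"; return 1 ;;
        2) echo "SSH_AUTH_SOCK points elsewhere: $SSH_AUTH_SOCK"; return 1 ;;
        3) echo "no socket at $SSH_AUTH_SOCK (is Secretive running?)"; return 1 ;;
    esac
    # ssh-add -L prints the public keys the agent is offering.
    n=$(ssh-add -L 2>/dev/null | count_enclave_keys)
    if [ "$n" -eq 0 ]; then
        echo "agent reachable but offers no ecdsa-sha2-nistp256 key"
        return 1
    fi
    echo "OK: Secretive agent offers $n Secure Enclave key(s)"
}

# Run the check only when invoked as: sh check-secretive.sh check
if [ "${1:-}" = "check" ]; then verify_secretive_agent; fi
```

A failure with "points elsewhere" usually means a later line in the shell config, or another tool, has overridden SSH_AUTH_SOCK after the export.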