Secure maintainer workflow, continued

1 · Ned Batchelder · Dec. 22, 2022, 12:03 p.m.
Picking up from Secure maintainer workflow, especially the comments there (thanks!), here are some more things I’m doing to keep my maintainer workflow safe.1Password ssh: I’m using 1Password as my SSH agent. It works really well, and uses the Mac Touch ID for authorization. Now I have no private keys in my ~/.ssh directory. I’ve been very impressed with 1Password’s helpful and comprehensive approach to configuration and settings.Improved environment variables: I’ve updated my opvars and unopv...