From e8e4ba05251d0bc4fa1b1d82c73892c64c4f7b86 Mon Sep 17 00:00:00 2001
From: GrĂ©goire DuchĂȘne
Date: Sun, 28 Feb 2021 13:59:50 +0000
Subject: zsh: Use fingerprints in op-ssh-add
---
 zsh/functions/op-ssh-add | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/zsh/functions/op-ssh-add b/zsh/functions/op-ssh-add
index 012424f..ad55d6c 100644
--- a/zsh/functions/op-ssh-add
+++ b/zsh/functions/op-ssh-add
@@ -1,14 +1,26 @@
 # -*- mode: sh -*-
+# op-ssh-add will add SSH keys to the agent, but will fetch the
+# passphrase in 1Password rather than prompt you for it.
+#
+# To be found, keys must have the following three things:
+#
+# 1. Have the password field set to the passphrase of the key,
+# 2. Have an `SSH' tag set, and
+# 3. Have a `fingerprint' field set to the fingerprint of the key.
+#
+# You must also have the 1Password CLI tool (op) and jq installed.
+
 if [[ ${@[1]} =~ '-[DdKLlTXx]' ]]; then
 $(which -p ssh-add) $@
 return $?
 fi
-local prv pub
+local fp prv pub
 for prv (${@[-1]} ~/.ssh/id_{ecdsa,ed25519}{,_sk}); do
 if [[ -f ${prv}.pub ]]; then
 pub=${prv}.pub
+fp=$(cut -d' ' -f2 <<< $(ssh-keygen -f ${pub} -l))
 break
 fi
 done
@@ -24,10 +36,11 @@ if [[ -z ${session} ]]; then
 fi
 zmodload zsh/zpty
 zpty ssh $(which -p ssh-add) $@
-zpty -w ssh $(op get item \
- $(cut -d' ' -f3 ${pub}) \
- --fields password \
- --session ${session})
+zpty -w ssh $(op list items --session ${session} --tags SSH \
+ | op get item \
+ --fields fingerprint,password \
+ --session ${session} - \
+ | jq -jr "select(.fingerprint == \"${fp}\") | .password")
 zpty -r ssh
 zpty -d ssh
 op signout --session ${session}
-- 
cgit v1.2.3-70-g09d2
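Review bot: The added `fp=$(cut -d' ' -f2 <<< $(ssh-keygen -f ${pub} -l))` line uses whatever fingerprint hash the local ssh-keygen defaults to and never checks that the command produced a value, so the string later compared with the 1Password `fingerprint` field is neither pinned nor validated. Naming the hash explicitly, `fp=$(ssh-keygen -l -E sha256 -f ${pub} | cut -d' ' -f2)`, and stopping on an empty result, `[[ -n ${fp} ]] || return 1`, would keep an unreadable or malformed .pub file from reaching the lookup with an empty fingerprint. Point 3 of the new header comment should also state the expected form of the field, i.e. the SHA256:… string exactly as ssh-keygen -l prints it. The lines between this hunk and the next are not shown, so a guard may already exist there.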
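Review bot: The new pipeline requests the `password` field of every item tagged SSH and filters with jq only afterwards, so all stored passphrases are decrypted and cross the pipe on each run, and the filter is built by pasting `${fp}` into the jq program text. Passing the fingerprint as data, `jq -jr --arg fp "${fp}" 'select(.fingerprint == $fp) | .password'`, removes the dependence on the fingerprint containing no quote or backslash. Because `-j` joins outputs, two items with the same fingerprint (or, if `fp` is empty, possibly every item without that field) would have their passwords concatenated and written to the ssh-add prompt. Capturing the result in a variable and refusing an empty or ambiguous match before `zpty -w` would turn that into a visible failure. If the op CLI version in use can return an item identifier together with the fingerprint, matching first and fetching only that item's password would keep the other passphrases out of the pipeline.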