Your Brain on ChatGPT: Accumulation of Cognitive Debt When Using an AI Assistant (fermatslibrary.com)

1Password with their SSH agent [1] for SSH keys, their CLI [2] for local secrets, and their terraform provider with service tokens for infrastructure keys/secrets. Yubikey for the secrets I’m most paranoid about.

You can essentially encrypt all environment variables, not just SSH keys, by aliasing your terminal commands to the 1password CLI. I have a “secrets” repo where all dotenv files are checked in with values like “op://vault-name/secret-name/key-name” that get injected by the op cli.

[1] https://developer.1password.com/docs/ssh/agent/

[2] https://developer.1password.com/docs/cli/get-started/

mos_6502 · 32d ago

> It seems there is no standard proper way to store private keys.

The gold standard for this would be a Hardware Security Module (HSM), which is essentially a device that stores private keys with certain guarantees of physical security (e.g, that private key material cannot be extracted from the device once it has been generated or placed there, and the device performs operations using the key material on behalf of some client).

HSMs in various forms underpin all sorts of cryptosystems that society depends on, because securing private key material at rest is essential. You'll find them everywhere from your debit/credit card, to certificate authorities, financial institutions, defense, and your smartphone.

For your use case, I'd recommend taking a look at Yubikeys. I did a writeup a while back on how to use them to store different types of private keys for various purposes:

https://blog.ctis.me/2022/12/yubikey-piv-gpg/

leftcenterright · 30d ago

In the stars: https://writingshapeless.substack.com/p/stellar-passphrase-s...

dale_huevo · 32d ago

> And I really don't liek the idea of having the keys stored in the home directory in plain text.

so encrypt them.

or store them in a hardware token.

or on a USB stick (poor man's hardware token).

> There is also a risk of losing the keys if my laptop is damaged or gets stolen.

backups, full disk encryption.

max_ · 32d ago

Hi,

Thanks for this reply. Could you recommend any good "hardware tokens"?

Spooky23 · 30d ago

Yubikeys are the gold standard in this space for most people.

dale_huevo · 32d ago

Nitrokey

atmosx · 32d ago

Paper. There’s a project called paperkey that allows you to store GPG keys on A4 paper. You could apply a similar approach to your age encrypted private keys or store them in plain text.

Modern smartphones have excellent OCR (optical character recognition) capabilities, so converting images of printed text back into digital form is now quite easy and reliable.

Personally, I use 1Password, and even they recommend printing out a PDF copy of your passwords and storing it in a secure location - like a physical vault. It’s a practical backup in case something happens and someone needs access to your credentials.

HenryBemis · 29d ago

Side-note because a friend went through it.. if you are going through a divorce or about to begin divorce procedures, burn that list :)

Your soon-to-be ex-wife will try to get her hands to all these passwords because: 1) she 'will prove' by reading all your emails that you <verb of doing something wrong>, 2) she 'will prove' that you hide money/assets/etc. (because why do you have an account on Bank/Broker XYZ and never told her?), 3) why did you buy flowers from "BuyYourWomanFlowers.com" 4) use your imagination for worse.. anything that can be used against you, will be used against you.

vivokey · 31d ago

Get a vivokey.com/apex implant!

toomuchtodo · 32d ago

https://openbao.org/

znpy · 32d ago

AFAIK you should also be able to store them on the TPM (trusted platform module) on your pc.

oulipo · 32d ago

if you're referring to SSH keys, you can use something like 1Password which stores them encrypted and syncs them in the cloud, so you keep them even if you lose your laptop

imcotton · 31d ago

I have previously written a blog post on this very topic, tl;dr: deleting your keys.

https://blog.imcotton.xyz/my-ssh-folder-has-no-private-keys

bonki · 32d ago

keepass

stop50 · 32d ago

Smartcards + an printed backup in another location.

AI is eating our brains. MIT study: Your brain on ChatGPT (media.mit.edu)

Make little apps for you and your friends (pontus.granstrom.me)

MiniMax-M1 open-weight, large-scale hybrid-attention reasoning model (github.com)

The Grug Brained Developer (2022) (grugbrain.dev)

Honda conducts successful launch and landing of experimental reusable rocket (global.honda)

Your Brain on ChatGPT: Accumulation of Cognitive Debt When Using an AI Assistant (fermatslibrary.com)

Show HN: Lstr – A modern, interactive tree command written in Rust (github.com)

Locally hosting an internet-connected server (mjg59.dreamwidth.org)

Timescale Is Now TigerData (tigerdata.com)

Resurrecting a dead torrent tracker and finding 3M peers (kianbradley.com)

Windows x86-64 System Call Table (XP/2003/Vista/7/8/10/11 and Server) (j00ru.vexillium.org)

Bzip2 crate switches from C to 100% Rust (trifectatech.org)

“Don’t mock what you don't own” in 5 minutes (2022) (hynek.me)

3D-printed device splits white noise into an acoustic rainbow without power (phys.org)

OpenSERDES – Open Hardware Serializer/Deserializer (SerDes) in Verilog (github.com)

Building Effective AI Agents (anthropic.com)

Benchmark: SnapDOM may be a serious alternative to html2canvas (zumerlab.github.io)

What Google Translate can tell us about vibecoding (ingrids.space)

AMD's CDNA 4 Architecture Announcement (chipsandcheese.com)

Now might be the best time to learn software development (substack.com)

Dinesh’s Mid-Summer Death Valley Walk (1998) (dineshdesai.info)

Which company would you prefer to join? (companymatches.com)

I Wrote a Compiler (blog.singleton.io)

Strangers in the Middle of a City: The John and Jane Does of L.A. Medical Center (latimes.com)

Foundry (YC F24) Hiring Early Engineer to Build Web Agent Infrastructure (ycombinator.com)

LLMs pose an interesting problem for DSL designers (kirancodes.me)

Why JPEGs still rule the web (2024) (spectrum.ieee.org)

Making 2.5 Flash and 2.5 Pro GA, and introducing Gemini 2.5 Flash-Lite (blog.google)

Proofs Without Words (artofproblemsolving.com)

The Travel Writer's Dilemma: Share, or Gatekeep? (nytimes.com)

Show HN: I made an online Unicode Cuneiform digital clock (oisinmoran.com)

Time Series Forecasting with Graph Transformers (kumo.ai)

From SDR to 'Fake HDR': Mario Kart World on Switch 2 (alexandermejia.com)

Incant – add magic spells to your code (github.com)

Should we design for iffy internet? (bytes.zone)

Iran asks its people to delete WhatsApp from their devices (apnews.com)

After millions of years, why are carnivorous plants still so small? (smithsonianmag.com)

The hamburger-menu icon today: Is it recognizable? (nngroup.com)

AMD's Pre-Zen Interconnect: Testing Trinity's Northbridge (chipsandcheese.com)

Claude Code feels like magic because it is iterative (omarabid.com)

US Streetlights Are Turning Purple (scientificamerican.com)

The magic of through running (worksinprogress.news)

Fujifilm X half: Is it the perfect family camera? (arslan.io)

Archaeologists unearth ancient bread that survived underground for 5k years (foxnews.com)

KiCad and Wayland Support (kicad.org)

Voyager: Real-Time Splatting City-Scale 3D Gaussians on Your Phone (arxiv.org)

Attempting to Make the Smallest* Electric Motor [video] (youtube.com)

Tesla FSD (Supervised) in Manhattan [video] (youtube.com)

Tetrachromatic Vision (bookofjoe.com)

O3 Turns Pro (thezvi.substack.com)

Ask HN: How do you store private keys?

Comments (16)