In recent versions of gpg, it can serve as an SSH agent. This allows you to easily store your SSH key on a hardware device, like a yubikey.
Unfortunately, in this setup, if you're using ssh-ca, get_cert will fail with:
$ get_cert "<url>"
Unable to find private key matching certificate.
Because it tries to find the private key in ~/.ssh. Since the private key is stored on a hardware device, it doesn't find it.
A simple workaround is to just curl "<url>" ~/.ssh/id_rsa-cert.pub instead of using get_cert, but it would be nice if get_cert just worked.
In recent versions of gpg, it can serve as an SSH agent. This allows you to easily store your SSH key on a hardware device, like a yubikey.
Unfortunately, in this setup, if you're using ssh-ca,
get_certwill fail with:Because it tries to find the private key in ~/.ssh. Since the private key is stored on a hardware device, it doesn't find it.
A simple workaround is to just
curl "<url>" ~/.ssh/id_rsa-cert.pubinstead of usingget_cert, but it would be nice ifget_certjust worked.