I built an open source macOS app that allows you to unlock your SSH and GPG key passphrases with Touch ID. You can also store secrets and inject them into your dev environment using the CLI, and store `age` encryption keys in the Secure Enclave.
I started working on this because I was setting up a new computer, and I didn't like how janky the Mac GPG pinentry tool felt.
Secrets management came later because I also wanted an alternative to 1Password's secrets injection, which only works while online for some reason. This allows me to store `axo://...` URLs in my config files, which get dynamically populated with `ap inject`. The vault spec is inspired by SOPS.
The reason this is an app and not just a CLI tool is because it integrates directly with Apple's Security framework and needs to be codesigned and notarized - an interesting (annoying) problem I should write about.
Looking to the future, I'm planning to add support for syncing secret vaults with git, SOPS-backed vaults, syncing public keys to GitHub, GPG key management (I keep forgetting how to renew my keys), and maybe even implement the ssh-agent protocol so I can store my SSH keys in the app. It's a long list but it will solve many paper cuts of mine.
Would love some early feedback, happy to answer any questions.