external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-12-16 22:10:57 +00:00
Code Issues Projects Releases Wiki Activity

Pulling out a bunch of openssh stuff to dedicated package. (#775)

Browse Source
This commit is contained in:
Max Goedjen 2025-12-14 11:54:56 -08:00 committed by GitHub
parent 845b1ec313
commit 2b712864d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
25 changed files with 158 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Package.swift
View File

@ -22,6 +22,9 @@ let package = Package(
.library(
name: "SmartCardSecretKit",
targets: ["SmartCardSecretKit"]),
.library(
name: "SSHProtocolKit",
targets: ["SSHProtocolKit"]),
],
dependencies: [
],
@ -53,6 +56,19 @@ let package = Package(
resources: [localization],
swiftSettings: swiftSettings
),
.target(
name: "SSHProtocolKit",
dependencies: ["SecretKit"],
path: "Sources/Packages/Sources/SSHProtocolKit",
resources: [localization],
swiftSettings: swiftSettings,
),
.testTarget(
name: "SSHProtocolKitTests",
dependencies: ["SSHProtocolKit"],
path: "Sources/Packages/Tests/SSHProtocolKitTests",
swiftSettings: swiftSettings,
),
]
)

22
Sources/Packages/Package.swift
View File

@ -21,7 +21,7 @@ let package = Package(
targets: ["SmartCardSecretKit"]),
.library(
name: "SecretAgentKit",
targets: ["SecretAgentKit", "XPCWrappers"]),
targets: ["SecretAgentKit"]),
.library(
name: "Common",
targets: ["Common"]),
@ -31,6 +31,9 @@ let package = Package(
.library(
name: "XPCWrappers",
targets: ["XPCWrappers"]),
.library(
name: "SSHProtocolKit",
targets: ["SSHProtocolKit"]),
],
dependencies: [
],
@ -60,7 +63,7 @@ let package = Package(
),
.target(
name: "SecretAgentKit",
dependencies: ["SecretKit"],
dependencies: ["SecretKit", "SSHProtocolKit", "Common"],
resources: [localization],
swiftSettings: swiftSettings,
),
@ -68,15 +71,26 @@ let package = Package(
name: "SecretAgentKitTests",
dependencies: ["SecretAgentKit"],
),
.target(
name: "SSHProtocolKit",
dependencies: ["SecretKit"],
resources: [localization],
swiftSettings: swiftSettings,
),
.testTarget(
name: "SSHProtocolKitTests",
dependencies: ["SSHProtocolKit"],
swiftSettings: swiftSettings,
),
.target(
name: "Common",
dependencies: [],
dependencies: ["SSHProtocolKit", "SecretKit"],
resources: [localization],
swiftSettings: swiftSettings,
),
.target(
name: "Brief",
dependencies: ["XPCWrappers"],
dependencies: ["XPCWrappers", "SSHProtocolKit"],
resources: [localization],
swiftSettings: swiftSettings,
),

17
Sources/Packages/Sources/Common/URLs.swift
View File

@ -1,4 +1,6 @@
import Foundation
import SSHProtocolKit
import SecretKit
extension URL {
@ -14,6 +16,20 @@ extension URL {
#endif
}
public static var publicKeyDirectory: URL {
agentHomeURL.appending(component: "PublicKeys")
}
/// The path for a Secret's public key.
/// - Parameter secret: The Secret to return the path for.
/// - Returns: The path to the Secret's public key.
/// - Warning: This method returning a path does not imply that a key has been written to disk already. This method only describes where it will be written to.
public static func publicKeyPath<SecretType: Secret>(for secret: SecretType, in directory: URL) -> String {
let keyWriter = OpenSSHPublicKeyWriter()
let minimalHex = keyWriter.openSSHMD5Fingerprint(secret: secret).replacingOccurrences(of: ":", with: "")
return directory.appending(component: "\(minimalHex).pub").path()
}
}
extension String {
@ -27,3 +43,4 @@ extension String {
}
}

37
Sources/Packages/Sources/SSHProtocolKit/Data+Hex.swift Normal file
View File

@ -0,0 +1,37 @@
import Foundation
import CryptoKit
public struct HexDataStyle<SequenceType: Sequence>: Hashable, Codable {
let separator: String
public init(separator: String) {
self.separator = separator
}
}
extension HexDataStyle: FormatStyle where SequenceType.Element == UInt8 {
public func format(_ value: SequenceType) -> String {
value
.compactMap { ("0" + String($0, radix: 16, uppercase: false)).suffix(2) }
.joined(separator: separator)
}
}
extension FormatStyle where Self == HexDataStyle<Data> {
public static func hex(separator: String = "") -> HexDataStyle<Data> {
HexDataStyle(separator: separator)
}
}
extension FormatStyle where Self == HexDataStyle<Insecure.MD5Digest> {
public static func hex(separator: String = ":") -> HexDataStyle<Insecure.MD5Digest> {
HexDataStyle(separator: separator)
}
}

0
Sources/Packages/Sources/SecretKit/OpenSSH/LengthAndData.swift → Sources/Packages/Sources/SSHProtocolKit/LengthAndData.swift
View File

5
Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHPublicKeyWriter.swift → Sources/Packages/Sources/SSHProtocolKit/OpenSSHPublicKeyWriter.swift
View File

@ -1,5 +1,6 @@
import Foundation
import CryptoKit
import SecretKit
/// Generates OpenSSH representations of the public key sof secrets.
public struct OpenSSHPublicKeyWriter: Sendable {
@ -49,9 +50,7 @@ public struct OpenSSHPublicKeyWriter: Sendable {
/// Generates an OpenSSH MD5 fingerprint string.
/// - Returns: OpenSSH MD5 fingerprint string.
public func openSSHMD5Fingerprint<SecretType: Secret>(secret: SecretType) -> String {
Insecure.MD5.hash(data: data(secret: secret))
.compactMap { ("0" + String($0, radix: 16, uppercase: false)).suffix(2) }
.joined(separator: ":")
Insecure.MD5.hash(data: data(secret: secret)).formatted(.hex(separator: ":"))
}
public func comment<SecretType: Secret>(secret: SecretType) -> String {

27
Sources/Packages/Sources/SecretAgentKit/OpenSSHReader.swift → Sources/Packages/Sources/SSHProtocolKit/OpenSSHReader.swift
View File

@ -1,42 +1,49 @@
import Foundation
/// Reads OpenSSH protocol data.
final class OpenSSHReader {
public final class OpenSSHReader {
var remaining: Data
var done = false
/// Initialize the reader with an OpenSSH data payload.
/// - Parameter data: The data to read.
init(data: Data) {
public init(data: Data) {
remaining = Data(data)
}
/// Reads the next chunk of data from the playload.
/// - Returns: The next chunk of data.
func readNextChunk(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> Data {
let littleEndianLength = try readNextBytes(as: UInt32.self)
let length = convertEndianness ? Int(littleEndianLength.bigEndian) : Int(littleEndianLength)
public func readNextChunk(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> Data {
let length = try readNextBytes(as: UInt32.self, convertEndianness: convertEndianness)
guard remaining.count >= length else { throw .beyondBounds }
let dataRange = 0..<length
let dataRange = 0..<Int(length)
let ret = Data(remaining[dataRange])
remaining.removeSubrange(dataRange)
if remaining.isEmpty {
done = true
}
return ret
}
func readNextBytes<T>(as: T.Type) throws(OpenSSHReaderError) -> T {
public func readNextBytes<T: FixedWidthInteger>(as: T.Type, convertEndianness: Bool = true) throws(OpenSSHReaderError) -> T {
let size = MemoryLayout<T>.size
guard remaining.count >= size else { throw .beyondBounds }
let lengthRange = 0..<size
let lengthChunk = remaining[lengthRange]
remaining.removeSubrange(lengthRange)
return unsafe lengthChunk.bytes.unsafeLoad(as: T.self)
if remaining.isEmpty {
done = true
}
let value = unsafe lengthChunk.bytes.unsafeLoad(as: T.self)
return convertEndianness ? T(value.bigEndian) : T(value)
}
func readNextChunkAsString(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> String {
public func readNextChunkAsString(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> String {
try String(decoding: readNextChunk(convertEndianness: convertEndianness), as: UTF8.self)
}
func readNextChunkAsSubReader(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> OpenSSHReader {
public func readNextChunkAsSubReader(convertEndianness: Bool = true) throws(OpenSSHReaderError) -> OpenSSHReader {
OpenSSHReader(data: try readNextChunk(convertEndianness: convertEndianness))
}

1
Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHSignatureWriter.swift → Sources/Packages/Sources/SSHProtocolKit/OpenSSHSignatureWriter.swift
View File

@ -1,5 +1,6 @@
import Foundation
import CryptoKit
import SecretKit
/// Generates OpenSSH representations of Secrets.
public struct OpenSSHSignatureWriter: Sendable {

0
Sources/Packages/Sources/SecretAgentKit/SSHAgentProtocol.swift → Sources/Packages/Sources/SSHProtocolKit/SSHAgentProtocol.swift
View File

1
Sources/Packages/Sources/SecretAgentKit/Agent.swift
View File

@ -3,6 +3,7 @@ import CryptoKit
import OSLog
import SecretKit
import AppKit
import SSHProtocolKit
/// The `Agent` is an implementation of an SSH agent. It manages coordination and access between a socket, traces requests, notifies witnesses and passes requests to stores.
public final class Agent: Sendable {

3
Sources/Packages/Sources/SecretAgentKit/OpenSSHCertificateHandler.swift
View File

@ -1,11 +1,12 @@
import Foundation
import OSLog
import SecretKit
import SSHProtocolKit
/// Manages storage and lookup for OpenSSH certificates.
public actor OpenSSHCertificateHandler: Sendable {
private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: URL.homeDirectory)
private let publicKeyFileStoreController = PublicKeyFileStoreController(directory: URL.publicKeyDirectory)
private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "OpenSSHCertificateHandler")
private let writer = OpenSSHPublicKeyWriter()
private var keyBlobsAndNames: [AnySecret: (Data, Data)] = [:]

19
Sources/Packages/Sources/SecretKit/PublicKeyStandinFileController.swift → Sources/Packages/Sources/SecretAgentKit/PublicKeyStandinFileController.swift
View File

@ -1,5 +1,8 @@
import Foundation
import OSLog
import SecretKit
import SSHProtocolKit
import Common
/// Controller responsible for writing public keys to disk, so that they're easily accessible by scripts.
public final class PublicKeyFileStoreController: Sendable {
@ -9,8 +12,8 @@ public final class PublicKeyFileStoreController: Sendable {
private let keyWriter = OpenSSHPublicKeyWriter()
/// Initializes a PublicKeyFileStoreController.
public init(homeDirectory: URL) {
directory = homeDirectory.appending(component: "PublicKeys")
public init(directory: URL) {
self.directory = directory
}
/// Writes out the keys specified to disk.
@ -19,7 +22,7 @@ public final class PublicKeyFileStoreController: Sendable {
public func generatePublicKeys(for secrets: [AnySecret], clear: Bool = false) throws {
logger.log("Writing public keys to disk")
if clear {
let validPaths = Set(secrets.map { publicKeyPath(for: $0) })
let validPaths = Set(secrets.map { URL.publicKeyPath(for: $0, in: directory) })
.union(Set(secrets.map { sshCertificatePath(for: $0) }))
let contentsOfDirectory = (try? FileManager.default.contentsOfDirectory(atPath: directory.path())) ?? []
let fullPathContents = contentsOfDirectory.map { directory.appending(path: $0).path() }
@ -33,21 +36,13 @@ public final class PublicKeyFileStoreController: Sendable {
}
try? FileManager.default.createDirectory(at: directory, withIntermediateDirectories: false, attributes: nil)
for secret in secrets {
let path = publicKeyPath(for: secret)
let path = URL.publicKeyPath(for: secret, in: directory)
let data = Data(keyWriter.openSSHString(secret: secret).utf8)
FileManager.default.createFile(atPath: path, contents: data, attributes: nil)
}
logger.log("Finished writing public keys")
}
/// The path for a Secret's public key.
/// - Parameter secret: The Secret to return the path for.
/// - Returns: The path to the Secret's public key.
/// - Warning: This method returning a path does not imply that a key has been written to disk already. This method only describes where it will be written to.
public func publicKeyPath<SecretType: Secret>(for secret: SecretType) -> String {
let minimalHex = keyWriter.openSSHMD5Fingerprint(secret: secret).replacingOccurrences(of: ":", with: "")
return directory.appending(component: "\(minimalHex).pub").path()
}
/// Short-circuit check to ship enumerating a bunch of paths if there's nothing in the cert directory.
public var hasAnyCertificates: Bool {

5
Sources/Packages/Sources/SecretAgentKit/SSHAgentInputParser.swift
View File

@ -1,11 +1,12 @@
import Foundation
import OSLog
import SecretKit
import SSHProtocolKit
public protocol SSHAgentInputParserProtocol {
func parse(data: Data) async throws -> SSHAgent.Request
}
public struct SSHAgentInputParser: SSHAgentInputParserProtocol {
@ -13,7 +14,7 @@ public struct SSHAgentInputParser: SSHAgentInputParserProtocol {
private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "InputParser")
public init() {
}
public func parse(data: Data) throws(AgentParsingError) -> SSHAgent.Request {

7
Sources/Packages/Tests/SecretKitTests/OpenSSHPublicKeyWriterTests.swift → Sources/Packages/Tests/SSHProtocolKitTests/OpenSSHPublicKeyWriterTests.swift
View File

@ -1,8 +1,7 @@
import Foundation
import Testing
@testable import SecretKit
@testable import SecureEnclaveSecretKit
@testable import SmartCardSecretKit
import SSHProtocolKit
@Suite struct OpenSSHPublicKeyWriterTests {
@ -47,8 +46,8 @@ import Testing
extension OpenSSHPublicKeyWriterTests {
enum Constants {
static let ecdsa256Secret = SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 256)", publicKey: Data(base64Encoded: "BOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 256), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
static let ecdsa384Secret = SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 384)", publicKey: Data(base64Encoded: "BG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 384), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
static let ecdsa256Secret = TestSecret(id: Data(), name: "Test Key (ECDSA 256)", publicKey: Data(base64Encoded: "BOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 256), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
static let ecdsa384Secret = TestSecret(id: Data(), name: "Test Key (ECDSA 384)", publicKey: Data(base64Encoded: "BG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")!, attributes: Attributes(keyType: KeyType(algorithm: .ecdsa, size: 384), authentication: .notRequired, publicKeyAttribution: "test@example.com"))
}

4
Sources/Packages/Tests/SecretAgentKitTests/OpenSSHReaderTests.swift → Sources/Packages/Tests/SSHProtocolKitTests/OpenSSHReaderTests.swift
View File

@ -1,8 +1,6 @@
import Foundation
import Testing
@testable import SecretAgentKit
@testable import SecureEnclaveSecretKit
@testable import SmartCardSecretKit
import SSHProtocolKit
@Suite struct OpenSSHReaderTests {

11
Sources/Packages/Tests/SSHProtocolKitTests/TestSecret.swift Normal file
View File

@ -0,0 +1,11 @@
import Foundation
import SecretKit
public struct TestSecret: SecretKit.Secret {
public let id: Data
public let name: String
public let publicKey: Data
public var attributes: Attributes
}

5
Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
View File

@ -1,6 +1,7 @@
import Foundation
import Testing
import CryptoKit
@testable import SSHProtocolKit
@testable import SecretKit
@testable import SecretAgentKit
@ -44,8 +45,8 @@ import CryptoKit
let agent = Agent(storeList: list)
let response = await agent.handle(request: request, provenance: .test)
let responseReader = OpenSSHReader(data: response)
let length = try responseReader.readNextBytes(as: UInt32.self).bigEndian
let type = try responseReader.readNextBytes(as: UInt8.self).bigEndian
let length = try responseReader.readNextBytes(as: UInt32.self)
let type = try responseReader.readNextBytes(as: UInt8.self)
#expect(length == response.count - MemoryLayout<UInt32>.size)
#expect(type == SSHAgent.Response.agentSignResponse.rawValue)
let outer = OpenSSHReader(data: responseReader.remaining)

1
Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
View File

@ -1,6 +1,7 @@
import Foundation
import SecretKit
import CryptoKit
import SSHProtocolKit
struct Stub {}

2
Sources/SecretAgent/AppDelegate.swift
View File

@ -22,7 +22,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
}()
private let updater = Updater(checkOnLaunch: true)
private let notifier = Notifier()
private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: URL.homeDirectory)
private let publicKeyFileStoreController = PublicKeyFileStoreController(directory: URL.publicKeyDirectory)
private lazy var agent: Agent = {
Agent(storeList: storeList, witness: notifier)
}()

1
Sources/SecretAgent/XPCInputParser.swift
View File

@ -3,6 +3,7 @@ import SecretAgentKit
import Brief
import XPCWrappers
import OSLog
import SSHProtocolKit
/// Delegates all agent input parsing to an XPC service which wraps OpenSSH
public final class XPCAgentInputParser: SSHAgentInputParserProtocol {

1
Sources/SecretAgentInputParser/SecretAgentInputParser.swift
View File

@ -2,6 +2,7 @@ import Foundation
import OSLog
import XPCWrappers
import SecretAgentKit
import SSHProtocolKit
final class SecretAgentInputParser: NSObject, XPCProtocol {

7
Sources/Secretive.xcodeproj/project.pbxproj
View File

@ -9,6 +9,7 @@
/* Begin PBXBuildFile section */
2C4A9D2F2636FFD3008CC8E2 /* EditSecretView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2C4A9D2E2636FFD3008CC8E2 /* EditSecretView.swift */; };
50020BB024064869003D4025 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50020BAF24064869003D4025 /* AppDelegate.swift */; };
5002C3AB2EEF483300FFAD22 /* XPCWrappers in Frameworks */ = {isa = PBXBuildFile; productRef = 5002C3AA2EEF483300FFAD22 /* XPCWrappers */; };
5003EF3B278005E800DF2006 /* SecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3A278005E800DF2006 /* SecretKit */; };
5003EF3D278005F300DF2006 /* Brief in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3C278005F300DF2006 /* Brief */; };
5003EF3F278005F300DF2006 /* SecretAgentKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3E278005F300DF2006 /* SecretAgentKit */; };
@ -265,6 +266,7 @@
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
5002C3AB2EEF483300FFAD22 /* XPCWrappers in Frameworks */,
50692E6C2E6FFA510043C7BB /* SecretAgentKit in Frameworks */,
);
runOnlyForDeploymentPostprocessing = 0;
@ -539,6 +541,7 @@
name = SecretAgentInputParser;
packageProductDependencies = (
50692E6B2E6FFA510043C7BB /* SecretAgentKit */,
5002C3AA2EEF483300FFAD22 /* XPCWrappers */,
);
productName = SecretAgentInputParser;
productReference = 50692E502E6FF9D20043C7BB /* SecretAgentInputParser.xpc */;
@ -1499,6 +1502,10 @@
/* End XCConfigurationList section */
/* Begin XCSwiftPackageProductDependency section */
5002C3AA2EEF483300FFAD22 /* XPCWrappers */ = {
isa = XCSwiftPackageProductDependency;
productName = XPCWrappers;
};
5003EF3A278005E800DF2006 /* SecretKit */ = {
isa = XCSwiftPackageProductDependency;
productName = SecretKit;

3
Sources/Secretive.xcodeproj/xcshareddata/xcschemes/PackageTests.xcscheme
View File

@ -14,7 +14,8 @@
shouldUseLaunchSchemeArgsEnv = "YES">
<TestPlans>
<TestPlanReference
reference = "container:Config/Secretive.xctestplan">
reference = "container:Config/Secretive.xctestplan"
default = "YES">
</TestPlanReference>
</TestPlans>
</TestAction>

5
Sources/Secretive/Views/Configuration/ToolConfigurationView.swift
View File

@ -1,5 +1,7 @@
import SwiftUI
import SecretKit
import SSHProtocolKit
import Common
struct ToolConfigurationView: View {
@ -111,10 +113,9 @@ struct ToolConfigurationView: View {
let writer = OpenSSHPublicKeyWriter()
let gitAllowedSignersString = [email.isEmpty ? String(localized: .integrationsConfigureUsingEmailPlaceholder) : email, writer.openSSHString(secret: selectedSecret)]
.joined(separator: " ")
let fileController = PublicKeyFileStoreController(homeDirectory: URL.agentHomeURL)
return text
.replacingOccurrences(of: Instructions.Constants.publicKeyPlaceholder, with: gitAllowedSignersString)
.replacingOccurrences(of: Instructions.Constants.publicKeyPathPlaceholder, with: fileController.publicKeyPath(for: selectedSecret))
.replacingOccurrences(of: Instructions.Constants.publicKeyPathPlaceholder, with: URL.publicKeyPath(for: selectedSecret, in: URL.publicKeyDirectory))
}
}

5
Sources/Secretive/Views/Secrets/SecretDetailView.swift
View File

@ -1,12 +1,13 @@
import SwiftUI
import SecretKit
import Common
import SSHProtocolKit
struct SecretDetailView<SecretType: Secret>: View {
let secret: SecretType
private let keyWriter = OpenSSHPublicKeyWriter()
private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: URL.agentHomeURL)
var body: some View {
ScrollView {
@ -21,7 +22,7 @@ struct SecretDetailView<SecretType: Secret>: View {
CopyableView(title: .secretDetailPublicKeyLabel, image: Image(systemName: "key"), text: keyString)
Spacer()
.frame(height: 20)
CopyableView(title: .secretDetailPublicKeyPathLabel, image: Image(systemName: "lock.doc"), text: publicKeyFileStoreController.publicKeyPath(for: secret), showRevealInFinder: true)
CopyableView(title: .secretDetailPublicKeyPathLabel, image: Image(systemName: "lock.doc"), text: URL.publicKeyPath(for: secret, in: URL.publicKeyDirectory), showRevealInFinder: true)
Spacer()
}
}