This shows how to use the Yubikey with a docker container.
This code below is required to get prompted for the Yubikey pin on the cli.
GPG_TTY=$(tty)
export GPG_TTYThis section below is required to perform ssh access via gpg-agent.
Without this, you won't be able to use the yubikey when attempting to ssh from github.
gpg-connect-agent updatestartuptty /byeThis is COPY into docker to allow it to stop prompting for the following message to make it less interactive:
The authenticity of host 'github.com (192.30.255.112)' can't be established.
ECDSA key fingerprint is SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com,192.30.255.112' (ECDSA) to the list of known hosts.
In order for this to work, you must determine your own /dev/hidraw[0-1]{2} value as this changes per port. Once used, you can run the following commands below.
#!/bin/bash
docker run -ti --rm \
-v /dev/bus/usb:/dev/bus/usb \
-v /sys/bus/usb/:/sys/bus/usb/ \
-v /sys/devices/:/sys/devices/ \
-v /dev/hidraw12/:/dev/hidraw12/ \ # Disconnect and reconnect to get device (it changes)
--privileged \
name_of_docker_image \
name_of_command_to_run_inside_image --some-parametersThis is my example that I use locally:
docker run -ti --rm \
-v /dev/bus/usb:/dev/bus/usb \
-v /sys/bus/usb/:/sys/bus/usb/ \
-v /sys/devices/:/sys/devices/ \
-v /dev/hidraw12/:/dev/hidraw12/ \
--privileged \
yubikey-test \
bash