09:30
-
12:00
May 01, 2025
Lock It Down, using a little-known feature from OpenSSH—hardware attestation—Smallstep created a prototype that prevents developers from pushing code from personal devices. The system ensures only approved devices can access Git repositories. SSH keys are generated with attestation data, verified via API, and routed through a proxy using SSH’s ProxyCommand.
Swing by to explore how this setup, using open-source tools, offers seamless developer experience and restricts Git access to trusted hardware, reducing attack surface while maintaining workflow simplicity.