Keybase Docker distribution

April 13, 2020 ยท View on GitHub

Quick reference

What is Keybase?

Keybase is a key directory that maps social media identities to encryption keys (including, but not limited to PGP keys) in a publicly auditable manner. Keybase offers an end-to-end encrypted chat and cloud storage system, called Keybase Chat and the Keybase filesystem respectively. Files placed in the public portion of the filesystem are served from a public endpoint, as well as locally from a filesystem mounted by the Keybase client.

wikipedia.org/wiki/Keybase

logo

How to use this image?

Environment variables

  • KEYBASE_SERVICE - if it's passed OR there are no commands started, a service gets started up by the entrypoint,
  • KEYBASE_USERNAME and KEYBASE_PAPERKEY - if both of these env variables are passed and KEYBASE_SERVICE is passed / there is no command passed, the service automatically logs in as the paper key in oneshot mode.
  • KEYBASE_SERVICE_ARGS - args passed during service startup, -debug by default.
  • KEYBASE_KBFS_ARGS (unsupported in slim) - args passed during KBFS startup, -debug -mount-type=none by default.
  • KEYBASE_LOG_SERVICE_TO_STDOUT - prints out the service logs to stdout. Automatically enabled if no command was passed.
  • KEYBASE_LOG_KBFS_TO_STDOUT (unsupported in slim) - prints out the KBFS logs to stdout. Automatically enabled if no command was passed.

start a keybase service

$ docker run --name some-keybase -d keybaseio/client

run commands against a running keybase service

$ docker run --rm -it --volumes-from some-keybase keybaseio/client keybase login

run a bash bot that sends a command to a user after startup

bot.sh

#!/usr/bin/env bash
MSG="sending at $(date)"
keybase chat send $CHAT_TARGET "$MSG"

Dockerfile

FROM keybaseio/client
ENV KEYBASE_SERVICE=1
COPY bot.sh /bot.sh
RUN chmod +x /bot.sh
CMD /bot.sh

Running the provisioning one-off container

# Setting both KEYBASE_USERNAME and KEYBASE_PAPERKEY will automatically
# provision the service in the "oneshot" mode - the service will identify as
# the passed paper key.

$ docker run --rm \
    -e KEYBASE_USERNAME="botname" \
    -e KEYBASE_PAPERKEY="paper key" \
    -e KEYBASE_SERVICE="1" \
    yournewimage

automatically provision a new device

First start a service

$ docker run --name some-keybase -d keybaseio/client

provision.sh

#!/usr/bin/env bash
keybase --no-auto-fork \
    --debug \
    login \
    -paperkey "$KEYBASE_PAPERKEY" \
    -devicename "$KEYBASE_DEVICENAME" \
    $KEYBASE_USERNAME

Dockerfile

FROM keybaseio/client
COPY provision.sh /provision.sh
RUN chmod +x /provision.sh
CMD ["/provision.sh"]

Running the bot

$ docker run --rm \
    -e KEYBASE_USERNAME="botname" \
    -e KEYBASE_PAPERKEY="paper key" \
    -e KEYBASE_DEVICENAME="randomname123" \
    yournewimage

Image variants

keybaseio/client:stable, keybaseio/client:<version>

Contains all the functionality of the Keybase client. Supports KBFS through the CLI keybase fs tool.

keybaseio/client:stable-slim, keybaseio/client:<version>-slim

Only contains the keybase binary and an entryscript. Ideal for simple chat bots.

keybaseio/client:nightly, keybaseio/client:<version>-<date>-<commit>

A nightly build of the standard stable image. Supports KBFS.

keybaseio/client:nightly-slim, keybaseio/client:<version>-<date>-<commit>-slim

A nightly build of the slim image. Does not support KBFS. Ideal for simple chat bots.

License

The Keybase software is licensed under the BSD 3-clause license.

This README is based on the Redis README published by Docker Inc, licensed under the MIT license.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.