Hello everyone! This is in no way an official solution, and it’s probably a unique use case for my team. Just wanted to share this, and maybe it can help some folks here.
We don’t use GAM/GAMADV-XTD3 as often, so unless we delete the secrets after every use, the secrets stay on the laptops in plaintext for a long period of time. We could probably limit the GCP sessions or use a YubiKey, but we wanted to use 1Password. They have official support for biometrics, and my employer is a 1Password shop.
I created GAMpass, which is a simple tool to encrypt & decrypt all GAM secrets at runtime using your biometrics via 1Password - it uses a previous tool I created called unopass.
GAMpass is a work in progress, and should be considered beta software.
Shoutout to the GAM/GAMADV-XTD3 teams for such a great tool and Kim Nilsson for giving me feedback on multi-domain support and those fancy GAM commands to test with.
I rarely check this Google group, so if anyone uses 1Password and wants to chat about this, you can find me on the macadmins Slack channel. I'll respond as soon as I can.
Have a wonderful weekend!