Automic VaultAutomic Vault

brew

trezor-agent mit Homebrew, Nix installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für trezor-agent in AI-Agent-Workflows.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install trezor-agent

local Homebrew formula metadata

Überblick

Paketzusammenfassung

Hardware SSH/GPG agent for Trezor and Ledger

Befehle und Aliase

  • age-plugin-trezor
  • trezor-agent
  • trezor-gpg
  • trezor-gpg-agent
  • trezor-signify
  • trezor_agent.py

Verlauf

Projektgeschichte und Nutzung

trezor-agent is a hardware-backed SSH, GPG, and age agent that grew out of early Trezor firmware support for using a hardware wallet as an identity and signing device. In package-manager culture it sits in the security-tools niche: a small CLI package that lets developers keep authentication and signing keys on a hardware device while still using familiar Unix tools.

Projektgeschichte

Trezor firmware 1.3.4, announced in September 2015, credited Roman Zeyde's work and introduced NIST P-256 support so a Trezor could be used for SSH login. The official instructions in that announcement installed `trezor_agent`, generated a public key with `trezor-agent`, and used the result in `authorized_keys`.

Firmware 1.3.6 extended the same idea beyond SSH by adding GPG key generation for signing email or documents and by pointing users to Trezor Agent for the user-space tooling. The repository later generalized the model into a shared `libagent` plus device-specific agents for Trezor, Blockstream Jade, and OnlyKey.

Adoptionsgeschichte

The project was adopted by users who wanted hardware-backed developer identity without changing their normal SSH, Git, GPG, or password-store workflows. Its README lists signing email, Git commits, and software packages, managing passwords with `pass` or `passage`, and authenticating web tunnels and file transfers as representative uses.

Package-manager availability through Homebrew and Nix made it installable in the same way as other command-line security tools, which mattered because trezor-agent is usually used from shells, SSH subprocesses, Git commands, GPG, and systemd user units rather than as a standalone application.

Wie es verwendet wird

For SSH, users derive a public key from an identity string, add that public key to remote access controls, and run commands or shells with `SSH_AUTH_SOCK` pointed at the agent. The official SSH guide also documents Git and Mercurial repository access, Git commit signing through SSH signatures, and optional systemd socket activation.

For GPG, users initialize a dedicated `GNUPGHOME` such as `~/.gnupg/trezor`, then continue using normal GPG-aware software while the agent asks the hardware device to sign or decrypt. The GPG guide covers commit and tag signing, password-store integration, file signing/decryption, and email use.

Warum Paket-Nerds sich dafür interessieren

trezor-agent is interesting to package nerds because it turns a cryptocurrency hardware wallet into a Unix authentication primitive. It bridges hardware-wallet APIs into the ecosystem of `ssh-agent`, GnuPG, Git signing, `pass`, systemd user sockets, and age plugins.

The package is also a good example of Homebrew packaging for a tool whose value is not a daemon or GUI, but a collection of small executables that plug into existing developer workflows: `trezor-agent`, `trezor-gpg`, `trezor-gpg-agent`, `trezor-signify`, and `age-plugin-trezor`.

Zeitleiste

  • 2015: Trezor firmware 1.3.4 announcement documents SSH login with `trezor-agent`.
  • 2016: Trezor firmware 1.3.6 announcement adds GPG signing support and references Trezor Agent.
  • 2022: Official SSH guide documents Git commit signing with SSH signatures.
  • 2026: GitHub repository lists `libagent/0.16.1` as the latest release on March 1, 2026.

Related projects

  • Related components include `libagent`, `jade_agent`, `onlykey-agent`, GnuPG, OpenSSH, age, pass, and Trezor firmware features for SSH/GPG operations.

Sicherheitslage

Noch keine Protected-Tool-Abdeckung gefunden

Für trezor-agent wurde kein passendes lokales Secret-Handling-Manifest gefunden. Nucleus-Paketmetadaten bleiben hier veröffentlicht, damit künftige Abdeckung eine stabile Paket-URL hat.

Installationsverhalten

  • In den Formelmetadaten ist kein Homebrew-Post-install-Hook erfasst.
  • Homebrew-Bottle-Metadaten sind für 6 Plattformziele verfügbar.
  • Installiert mit 6 Laufzeitabhängigkeiten.
  • Build-Metadaten listen 2 Build-Abhängigkeiten.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.ssh/agent.conf~/.gnupg/trezor

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
age-plugin-trezorcliglobales Executable
trezor-agentcliglobales Executable
trezor-gpgcliglobales Executable
trezor-gpg-agentcliglobales Executable
trezor-signifycliglobales Executable
trezor_agent.pycliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-10
Manager-Version0.13.0
Manager aktualisiert2026-05-15
lokale DatenOK
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://github.com/romanz/trezor-agent

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:trezor-agent
Version0.13.0
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/trezor-agent
Homepagehttps://github.com/romanz/trezor-agent
Repositoryhttps://github.com/romanz/trezor-agent
Upstream-Dokumentationhttps://github.com/romanz/trezor-agent#readme
LizenzLGPL-3.0-only
Quellarchivhttps://files.pythonhosted.org/packages/d9/b1/e533c417259dc112a067226d4c95cb772d7c090b696a61a065e1e41429d6/trezor_agent-0.13.0.tar.gz
Zuletzt aktualisiert2026-05-15T11:13:55Z
Pulseupdated
Abhängigkeitencertifi, cryptography, hidapi, libsodium, libusb, python@3.14
Build-Abhängigkeitenpkgconf, rust
Bottleverfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nametrezor-agent
Version Scheme0
Revision2
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Nix95%

trezor-agent

nix profile install nixpkgs#trezor-agent
  • normalized package name match
  • Abgeglichen nach: Trezor Agent
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: trezor-agent from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment