Posts

Using a Authorized Account with Keychain on Hive interfaces.

avatar of @penderis
25
Penderis
@penderis
·
0 views
·
3 min read

I assume by now we all have given permission to apps in some form or another. Whether it is Hive.vote or using scheduling via Peakd they need permission to perform actions on your behalf.

Mostly this would be Posting permission which is harmless enough. Rarely it would be Active permission, say an account needs to automate sending funds; or in the case of a Splinterlands bot it would be sending cards or funds to a central account each day.

You can give any other account permissions of either Posting or Active authority in Peakd quite easily. All you need to do is go to account actions -> keys & permissions -> authorities.

Once you have given permissions that account can use their own keys but perform actions on your account. Mostly apps use this in the backend and perform automated tasks.

Until recently though I did not really click how to do it via keychain, till I spoke to Anyn99 and Foxon. @Anyn99 runs a Gold Splinterlands bot for me, and as we all know we tend to need to give these bots our posting keys.

I have been quite adamant that it is not required but also can't be arsed over the security of posting.

Anyn though has been improving his system and found something a bit different, instead of an account auth, they generate a new posting key with no account (this part I need to read up on) regardless. So then I give the key not the account permissions and Anyn can now use their own key and my username to run the bot.

That avoids ever exposing my key to either the service or anyone else.

Account auths work the same, and I am sure their is a usecase for the single key authority over accounts but would need to read up on that.

As for normal users.

I have 2 alt accounts, one of them use to be my Actifit account, till I got lazy. Now I tend to run a new browser instance or profile with each their own keychain and account setup for all my hive account.

Sometimes though I don't want to change browsers, or if I am at work I don't want the multi profiles but want the multi account access.

For community accounts it would be a case of giving the people who do posting permissions to post as the community or group account.

Maybe you have a transfer manager, so you give them permission to do transfers.

How do they login to Peakd using Keychain then? It may not be very obvious so after all that rambling. This is what you do.

Go to keychain settings -> then accounts ->add account.

As Foxon mentioned keychain needs to know the User exists. Which is what never clicked for me and when I use previous auth accounts the interfaces won't always allow you to use your the other accounts name but your own key.


Then in the account setup when you click add account you choose use authorized account

This will simply associate your account keys with the username of the account you are allowed to post or act on behalf of.



So the first username I added is the one that gave my account permissions. So @smokingfit gave @penderis posting authority using the Peakd authorities tool.

I am then telling Keychain,

The username to look for is Smokingfit and the account whose keys it should use is Penderis

The Penderis account is the main one in my keychain, that is the one I have all the keys for. The other one is the one I do not have keys for.

So that way, I can then login as either account using the security of keychain and or HAS service possibly but without ever sharing keys publicly.