Cloudster

less than 1 minute read

My lab Yubikey was slowing down due to the amount of credentials for a single domain

Disclaimer

These are very destructive procedures. I bare no responsibility for any loss of data or damage to your Yuibkey

Procedure

Yubikey lists the fido2 credentials in the following format:

ykman fido credentials list --csv

<long-uuid-1>,<domain>,<username>,,<long-number-1>
<long-uuid-2>,<domain>.<username>,,<long-number-2>

We can grep for the domain and username and get a CSV output (no Json or Yaml, sadly):

ykman fido credentials list --csv | \
  grep ',some.example.com,myusername,'  | \
  awk -F ',' '{print $1}'

<long-uuid-1>
<long-uuid-2>

Finally, we can run this through xargs to mass delete the domain-user combination.

  • NOTE: You have an option to input the pin for every deletion, or run with --pin which is unsafe.
  • NOTE: Nothing is stopping you from running this for a whole domain, being more specific is safer.
ykman fido credentials list --csv --pin 1234 | \
  grep ',some.example.com,myusername,' | \
  awk -F ',' '{print $1}' | \
  xargs -n1 ykman fido credentials delete --force --pin 1234

You May Also Enjoy

ZFS Root woes

1 minute read

Documenting an issue with my machine/Fedora installation which uses ZFS Boot to boot from a ZFS root.

A short Proxmox journey

2 minute read

My short journey into Proxmox land. These are just notes for my self reference should I ever need them.