Hacker News

Since, by default, SSH private and public keys are stored in the .ssh folder under the user's home folder, it is convenient to leverage the already existing keys rather than having to generate new ones. (Of course, you can also use different keys if you would like.) You just include the script in the existing scripts you have and it works.

This is meant to be a simple solution to needing to store your password in plaintext within a shell script. For example, you might have shell scripts that you create for quick duties like downloading or uploading some asset from a server. Typically sysadmins or developers might just store this in plaintext. The problem is that later on they may forget that they stored it in plaintext, the script gets passed around, and now you have credentials leaking all over the place. It also works well for crowded environments where shoulder surfers might be present.



Leveraging that existing key is a downright anti-feature though. You should try to minimize the scope controlled by any given key.

You already lean heavily on OpenSSL, so it doesn't make a lot of sense why you wouldn't just generate a dedicated key with an `openssl genrsa -out .spiffytool/private.pem`.


I think this is a good idea, because as long as the permissions on the generated private key are set so that it is only readable by the user, the same level of security would be provided as accessing the user's private SSH key. It would also be nicer in situations like remote servers where the private key is not available due to security reasons. The intention in these situations was to generate your own keys using SSH, but there's no reason to make the user go through that exercise. I will look at making the change. Thanks for the suggestion.
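As an added example of the dedicated-key approach suggested above (this is not the tool's own code nor the commenters'), the script below generates an RSA key pair in a hypothetical `$KEYDIR` (defaulting to `~/.spiffytool`), keeps the private key owner-readable only, refuses to use a key with looser permissions, and encrypts/decrypts a secret with OpenSSL so the password never sits in plaintext in the calling script. It assumes `openssl` and `stat` are on the PATH.

```shell
#!/bin/sh
# Added example: keep a script's password encrypted on disk with a dedicated
# RSA key instead of reusing ~/.ssh/id_rsa. KEYDIR, private.pem and public.pem
# are hypothetical names chosen for this example.
set -eu

KEYDIR="${KEYDIR:-${HOME:-.}/.spiffytool}"

# Generate a dedicated key pair once; the directory and private key are
# readable only by the owner (umask 077 is applied in a subshell).
setup_keys() {
    mkdir -p "$KEYDIR"
    chmod 700 "$KEYDIR"
    if [ ! -f "$KEYDIR/private.pem" ]; then
        (
            umask 077
            openssl genrsa -out "$KEYDIR/private.pem" 3072 2>/dev/null
            openssl rsa -in "$KEYDIR/private.pem" -pubout \
                -out "$KEYDIR/public.pem" 2>/dev/null
        )
    fi
    chmod 600 "$KEYDIR/private.pem"
}

# Refuse to use a private key that other users could read.
check_key_perms() {
    mode=$(stat -c '%a' "$KEYDIR/private.pem" 2>/dev/null \
        || stat -f '%Lp' "$KEYDIR/private.pem")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "private key mode $mode is too permissive" >&2; return 1 ;;
    esac
}

# Encrypt a secret read from stdin with the public key (RSA-OAEP);
# prints single-line base64 that can be pasted into a script.
encrypt_secret() {
    openssl pkeyutl -encrypt -pubin -inkey "$KEYDIR/public.pem" \
        -pkeyopt rsa_padding_mode:oaep | openssl base64 -A
}

# Decrypt the base64 ciphertext given as $1 with the private key; prints plaintext.
decrypt_secret() {
    printf '%s' "$1" | openssl base64 -d -A \
        | openssl pkeyutl -decrypt -inkey "$KEYDIR/private.pem" \
            -pkeyopt rsa_padding_mode:oaep
}

# Usage: ./secrets.sh setup
#        printf '%s' "$PASSWORD" | ./secrets.sh encrypt   # store the output
#        PASSWORD=$(./secrets.sh decrypt "$STORED_CIPHERTEXT")
case "${1:-}" in
    setup)   setup_keys ;;
    encrypt) check_key_perms; encrypt_secret ;;
    decrypt) check_key_perms; decrypt_secret "$2" ;;
esac
```

The permission check matters because a world-readable private key gives exactly the leak the encryption was meant to prevent; the script fails closed rather than decrypting with it.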


I couldn't agree more. I don't even use the default SSH key; I have separate keys for separate servers, even separate keys for separate GitHub repos.


> Even separate keys for separate GitHub repos

How does that work? You have no keys in your account itself and use Deploy keys with write access?


Exactly.


