Skip to content

ssh

ssh

SSH key handling — keypair I/O, scope management, and the agent protocol.

Consolidates the SSH story end to end: keypair generation and OpenSSH-file parsing on one side, DB-backed scope provisioning in the middle, and the host-side SSH-agent protocol on the other.

Collaborators:

  • keypair — pure-bytes primitives: generate / import / export OpenSSH keypairs, fingerprint computation, PEM encoding.
  • managerSSHManager, the per-scope key-provisioning façade over store.db and keypair.
  • signer — SSH-agent protocol handler that signs git data using vault-stored private keys.

Host-side terok gate-sync consumers (terok / terok-executor) construct their own ephemeral signer over start_ssh_signer_local per invocation, so the signer's lifetime is scoped to a single gate-sync rather than to a long-running socket directory.