SSH Key Support for Git Operations**

[theepicsaxguy]

Goal: Add SSH key authentication for cloning, fetching, and pushing to repositories.

---

1. Backend Changes

• SSH Key Storage:
  • Extend the GitCredential schema to support SSH keys:
    • Add a type field ("pat" or "ssh").
    • Add an sshKey field for the private key content (encrypted at rest).
    • Add a passphrase field for encrypted keys (optional).
  • Store keys in the existing settings.gitCredentials array.
• Git Environment Setup:
  • Extend createGitEnv in git-auth.ts to:
    • Detect SSH URLs (e.g., git@github.com:user/repo.git).
    • Write the SSH key to a temporary file in the container (e.g., /tmp/ssh_keys/{repoId}).
    • Set GIT_SSH_COMMAND to use the key: ssh -i /tmp/ssh_keys/{repoId} -o IdentitiesOnly=yes.
  • Handle key permissions (e.g., chmod 600 for the key file).
• Key Validation:
  • Validate SSH keys on save (e.g., check for -----BEGIN OPENSSH PRIVATE KEY-----).
  • Reject invalid keys with a clear error message.

2. Frontend UX

• Git Credentials UI:
  • Add a toggle in the Git Credentials panel [1] to switch between PAT and SSH key.
  • For SSH keys:
    • Add a textarea for pasting the private key.
    • Add an optional passphrase field.
    • Add a "Test SSH Connection" button to verify the key works.
  • Show a warning: "Never share your private key. It will be encrypted at rest."
• Repository Cloning:
  • Auto-detect SSH URLs (e.g., git@github.com:user/repo.git) and prompt for the SSH key if not configured.
  • Show a tooltip: "This repo requires SSH authentication. Add your key in Settings > Git Credentials."
• Error Handling:
  • Show clear errors for SSH failures (e.g., "Permission denied (publickey)").
  • Suggest fixes (e.g., "Check your key or add it to your GitHub account.").

3. Security

• Key Encryption:
  • Encrypt SSH keys at rest using a symmetric key derived from the user’s session (e.g., via crypto.subtle).
  • Never log or expose keys in plaintext.
  • Use fs.unlinkSync in a finally block.