🚀 Feature: Multi-account OAuth + SSH key publishing
Problem
Currently gitkey manages SSH keys locally via ~/.ssh/config, but:
- users must manually add public keys to GitHub / Bitbucket
- no connection between SSH profiles and actual accounts
- no way to automate key provisioning
- poor UX when working with multiple accounts (work / personal)
Goal
Enable full flow:
gitkey generate → gitkey login → gitkey publish-key → gitkey use
So that:
- SSH keys are generated
- automatically uploaded to the correct account
- linked to the correct SSH host alias
Core Idea
Introduce multi-account, multi-provider authentication layer.
Key concept:
SSH Host alias becomes the primary identity unit.
Example:
Host gh-work
Host gh-personal
Host bb-work
Each alias is mapped to:
provider + account + token
Architecture
1. Token storage (secure)
Use macOS Keychain via keytar.
service: gitkey
account: github:gh-work
account: github:gh-personal
account: bitbucket:bb-work
2. Metadata storage
~/.config/gitkey/accounts.json
{
"gh-work": {
"provider": "github",
"username": "bagdevich"
}
}
3. OAuth flow
Use GitHub Device Flow (CLI-friendly).
Command:
gitkey login github gh-work
Flow:
- Request device code
- Show user code + URL
- User authorizes in browser
- CLI receives access token
- Store token in Keychain
4. Publish SSH key
gitkey publish-key gh-work
Steps:
- Read
IdentityFile from .ssh/config
- Load
.pub key
- Load token from Keychain
- Call API:
Body:
{
"title": "gitkey-gh-work-MacBook",
"key": "ssh-ed25519 ..."
}
Commands to implement
gitkey login <provider> <alias>
gitkey logout <alias>
gitkey whoami
gitkey publish-key <alias>
Supported providers
GitHub (priority)
- OAuth Device Flow
- Scope:
write:public_key
Bitbucket (future)
- OAuth
- SSH key API integration
Challenges / Risks
- token storage security
- handling multiple accounts per provider
- ensuring correct mapping alias ↔ account
- API differences between GitHub and Bitbucket
- rate limits / auth errors
Future improvements
- auto-publish key on
generate
- account-aware prompts
- multi-device sync
- Windows support
- revoke keys via CLI
Why this matters
This transforms gitkey from:
into:
full Git identity manager
Status
🚀 Feature: Multi-account OAuth + SSH key publishing
Problem
Currently
gitkeymanages SSH keys locally via~/.ssh/config, but:Goal
Enable full flow:
So that:
Core Idea
Introduce multi-account, multi-provider authentication layer.
Key concept:
Example:
Each alias is mapped to:
Architecture
1. Token storage (secure)
Use macOS Keychain via
keytar.2. Metadata storage
{ "gh-work": { "provider": "github", "username": "bagdevich" } }3. OAuth flow
Use GitHub Device Flow (CLI-friendly).
Command:
Flow:
4. Publish SSH key
Steps:
IdentityFilefrom.ssh/config.pubkeyBody:
{ "title": "gitkey-gh-work-MacBook", "key": "ssh-ed25519 ..." }Commands to implement
Supported providers
GitHub (priority)
write:public_keyBitbucket (future)
Challenges / Risks
Future improvements
generateWhy this matters
This transforms
gitkeyfrom:into:
Status