Skip to content

feat(scripts): SSH agent auth support for deployment scripts#5

Open
theredspoon wants to merge 7 commits intosimple10:mainfrom
theredspoon:feature/ssh-agent-auth
Open

feat(scripts): SSH agent auth support for deployment scripts#5
theredspoon wants to merge 7 commits intosimple10:mainfrom
theredspoon:feature/ssh-agent-auth

Conversation

@theredspoon
Copy link
Contributor

@theredspoon theredspoon commented Mar 7, 2026

Summary

  • Adds SSH_IDENTITY_AGENT support to all deployment scripts, allowing
    authentication via an SSH agent socket (e.g., Bitwarden, 1Password,
    ssh-agent) without requiring a key file path in .env
  • Makes SSH_KEY optional — if unset, scripts fall back to the user's
    normal SSH config and agent behavior
  • Fixes IdentitiesOnly=yes being set alongside IdentityAgent, which
    caused auth failures when no IdentityFile was configured

Changes

  • scripts/lib/ssh.sh: refactored from a single SSH_CMD string to
    SSH_ARGS/SCP_ARGS arrays; conditional -i/IdentityAgent flags;
    SSH_RSYNC_CMD derived from the same args for rsync compatibility
  • scripts/ssh-agent.sh: helper to set/detect SSH_IDENTITY_AGENT
  • .env.example: documents SSH_IDENTITY_AGENT option
  • All scripts updated to use new array-based SSH_CMD/SCP_ARGS
  • Playbooks and docs updated with SSH agent auth instructions

Tested

  • Deploy with SSH_KEY set (existing flow unchanged)
  • Deploy with SSH_IDENTITY_AGENT set and SSH_KEY unset (agent flow)
  • Verify rsync-based sync (sync-deploy.sh) works with agent auth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theredspoon