feat: Flag to print SSH cert and private key rather than FS#437
Merged
Conversation
EthanHeilman
changed the title
EthanHeilman
changed the title
EthanHeilman
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a --print-key (-p) flag to the opkssh login command that allows users to print the SSH certificate and private key to standard output instead of writing them to the filesystem.
Key changes:
- Added a new boolean flag
PrintKeyArgto control output destination for SSH credentials - Modified the login flow to conditionally print keys to stdout or write to filesystem based on the flag
- Added test coverage for the new print-to-output functionality
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| main.go | Added printKeyArg flag variable, registered the -p/--print-key flag, and passed it to the NewLogin constructor |
| commands/login.go | Added PrintKeyArg field to LoginCmd struct, updated constructor signature, added out() helper method for output destination, and modified login flow to print keys when flag is set |
| commands/login_test.go | Added test case for print-key functionality with test infrastructure updates including buffer output capture |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
EthanHeilman
changed the title
EthanHeilman
force-pushed
the
key-as-ouput
branch
from
49103ea to
a6b7c46
Compare
EthanHeilman
force-pushed
the
key-as-ouput
branch
from
a6b7c46 to
707d9fa
Compare
renovate Bot
added a commit
to sdwilsh/ansible-playbooks
that referenced
this pull request
Jan 5, 2026
##### [\`v0.11.0\`](https://github.com/openpubkey/opkssh/releases/tag/v0.11.0) ##### 🚀 Features - Add support for custom group claims [@mvanderlee](https://github.com/mvanderlee) ([#133](openpubkey/opkssh#133)) - feat: Flag to print SSH cert and private key rather than FS [@EthanHeilman](https://github.com/EthanHeilman) ([#437](openpubkey/opkssh#437)) - feat: Process extra arguments to the verify command [@justincmoy](https://github.com/justincmoy) ([#436](openpubkey/opkssh#436)) - Add warning message when email claim is missing from ID token @[copilot-swe-agent\[bot\]](https://github.com/apps/copilot-swe-agent) ([#374](openpubkey/opkssh#374)) - \[feat] Add new "inspect" subcommand [@stmcginnis](https://github.com/stmcginnis) ([#349](openpubkey/opkssh#349)) - Add CLI reference documentation [@stmcginnis](https://github.com/stmcginnis) ([#365](openpubkey/opkssh#365)) - Include signature JSON in `inspect` output [@stmcginnis](https://github.com/stmcginnis) ([#358](openpubkey/opkssh#358)) - - docs: Add Amazon Cognito as tested provider [@Foorack](https://github.com/Foorack) ([#414](openpubkey/opkssh#414)) - docs: Add documentation for opkssh and sssd integration [@vigneshmanick](https://github.com/vigneshmanick) ([#409](openpubkey/opkssh#409)) - Added SELinux support for sudo logging [@descensus](https://github.com/descensus) ([#376](openpubkey/opkssh#376)) - Update CLI documentation @[github-actions\[bot\]](https://github.com/apps/github-actions) ([#368](openpubkey/opkssh#368)) ##### 🐛 Bug Fixes - Fix race condition in ReadHome [@gcorrall](https://github.com/gcorrall) ([#391](openpubkey/opkssh#391)) - \[fix] Use lowercase for positional argument placeholders [@t38miwa](https://github.com/t38miwa) ([#361](openpubkey/opkssh#361)) - fix typo in commands/verify.go [@DevRockstarZ](https://github.com/DevRockstarZ) ([#336](openpubkey/opkssh#336)) - Doc: fix small errors in policy plugin doc [@PotatoesMaster](https://github.com/PotatoesMaster) ([#344](openpubkey/opkssh#344)) - Correct macOS name [@stmcginnis](https://github.com/stmcginnis) ([#341](openpubkey/opkssh#341)) ##### 🧰 Maintenance - chore: document upstream nix usage & remove nix flake [@datosh](https://github.com/datosh) ([#383](openpubkey/opkssh#383)) - Update CLI documentation @[github-actions\[bot\]](https://github.com/apps/github-actions) ([#438](openpubkey/opkssh#438)) - Stop hash pinning docker images [@EthanHeilman](https://github.com/EthanHeilman) ([#421](openpubkey/opkssh#421)) - \[fix] Fix ssh version integration test [@EthanHeilman](https://github.com/EthanHeilman) ([#362](openpubkey/opkssh#362)) - Fix integration tests failing due to pacman keys [@EthanHeilman](https://github.com/EthanHeilman) ([#432](openpubkey/opkssh#432)) - fix(deps): Update docker/setup-buildx-action action to v3.12.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#426](openpubkey/opkssh#426)) - fix(deps): Update zizmorcore/zizmor-action action to v0.3.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#413](openpubkey/opkssh#413)) - fix(deps): Update peter-evans/create-pull-request action to v8 @[renovate\[bot\]](https://github.com/apps/renovate) ([#418](openpubkey/opkssh#418)) - fix(deps): Update zizmorcore/zizmor-action action to v0.2.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#335](openpubkey/opkssh#335)) - fix(deps): Update peter-evans/create-pull-request action to v7.0.9 @[renovate\[bot\]](https://github.com/apps/renovate) ([#407](openpubkey/opkssh#407))
sdwilsh
pushed a commit
to sdwilsh/ansible-playbooks
that referenced
this pull request
Jan 13, 2026
##### [\`v0.11.0\`](https://github.com/openpubkey/opkssh/releases/tag/v0.11.0) ##### 🚀 Features - Add support for custom group claims [@mvanderlee](https://github.com/mvanderlee) ([#133](openpubkey/opkssh#133)) - feat: Flag to print SSH cert and private key rather than FS [@EthanHeilman](https://github.com/EthanHeilman) ([#437](openpubkey/opkssh#437)) - feat: Process extra arguments to the verify command [@justincmoy](https://github.com/justincmoy) ([#436](openpubkey/opkssh#436)) - Add warning message when email claim is missing from ID token @[copilot-swe-agent\[bot\]](https://github.com/apps/copilot-swe-agent) ([#374](openpubkey/opkssh#374)) - \[feat] Add new "inspect" subcommand [@stmcginnis](https://github.com/stmcginnis) ([#349](openpubkey/opkssh#349)) - Add CLI reference documentation [@stmcginnis](https://github.com/stmcginnis) ([#365](openpubkey/opkssh#365)) - Include signature JSON in `inspect` output [@stmcginnis](https://github.com/stmcginnis) ([#358](openpubkey/opkssh#358)) - - docs: Add Amazon Cognito as tested provider [@Foorack](https://github.com/Foorack) ([#414](openpubkey/opkssh#414)) - docs: Add documentation for opkssh and sssd integration [@vigneshmanick](https://github.com/vigneshmanick) ([#409](openpubkey/opkssh#409)) - Added SELinux support for sudo logging [@descensus](https://github.com/descensus) ([#376](openpubkey/opkssh#376)) - Update CLI documentation @[github-actions\[bot\]](https://github.com/apps/github-actions) ([#368](openpubkey/opkssh#368)) ##### 🐛 Bug Fixes - Fix race condition in ReadHome [@gcorrall](https://github.com/gcorrall) ([#391](openpubkey/opkssh#391)) - \[fix] Use lowercase for positional argument placeholders [@t38miwa](https://github.com/t38miwa) ([#361](openpubkey/opkssh#361)) - fix typo in commands/verify.go [@DevRockstarZ](https://github.com/DevRockstarZ) ([#336](openpubkey/opkssh#336)) - Doc: fix small errors in policy plugin doc [@PotatoesMaster](https://github.com/PotatoesMaster) ([#344](openpubkey/opkssh#344)) - Correct macOS name [@stmcginnis](https://github.com/stmcginnis) ([#341](openpubkey/opkssh#341)) ##### 🧰 Maintenance - chore: document upstream nix usage & remove nix flake [@datosh](https://github.com/datosh) ([#383](openpubkey/opkssh#383)) - Update CLI documentation @[github-actions\[bot\]](https://github.com/apps/github-actions) ([#438](openpubkey/opkssh#438)) - Stop hash pinning docker images [@EthanHeilman](https://github.com/EthanHeilman) ([#421](openpubkey/opkssh#421)) - \[fix] Fix ssh version integration test [@EthanHeilman](https://github.com/EthanHeilman) ([#362](openpubkey/opkssh#362)) - Fix integration tests failing due to pacman keys [@EthanHeilman](https://github.com/EthanHeilman) ([#432](openpubkey/opkssh#432)) - fix(deps): Update docker/setup-buildx-action action to v3.12.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#426](openpubkey/opkssh#426)) - fix(deps): Update zizmorcore/zizmor-action action to v0.3.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#413](openpubkey/opkssh#413)) - fix(deps): Update peter-evans/create-pull-request action to v8 @[renovate\[bot\]](https://github.com/apps/renovate) ([#418](openpubkey/opkssh#418)) - fix(deps): Update zizmorcore/zizmor-action action to v0.2.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#335](openpubkey/opkssh#335)) - fix(deps): Update peter-evans/create-pull-request action to v7.0.9 @[renovate\[bot\]](https://github.com/apps/renovate) ([#407](openpubkey/opkssh#407))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a flag,
-por--print-key, toopkssh loginso that the SSH cert and private key will be printed to output rather than writing these to the filesystem.