| author | Paul Buetow <paul@buetow.org> | 2026-03-19 22:58:27 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-03-19 22:58:27 +0200 |
| commit | fb0791d88f32f25f23021493a26067c9aff22053 (patch) | |
| tree | d6c48e88eae15d335e53045aae4933c12bb1243f /internal/ssh/ssh.go | |
| parent | aa7f4a97b6a02484eacbdf9047bd4c570784df7a (diff) | |
task 256: support passphrase-protected key loading
Diffstat (limited to 'internal/ssh/ssh.go')
| -rw-r--r-- | internal/ssh/ssh.go | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/internal/ssh/ssh.go b/internal/ssh/ssh.go
index a191fd5..25b9d28 100644
--- a/internal/ssh/ssh.go
+++ b/internal/ssh/ssh.go
@@ -6,6 +6,7 @@ import (
 "crypto/rsa"
 "crypto/x509"
 "encoding/pem"
+ "errors"
 "fmt"
 "net"
 "os"
@@ -121,7 +122,20 @@ func PrivateKeySigner(keyFile string) (gossh.Signer, error) {
 }
 key, err := gossh.ParsePrivateKey(buffer)
 if err != nil {
- return nil, err
+ var passphraseMissingErr *gossh.PassphraseMissingError
+ if !errors.As(err, &passphraseMissingErr) {
+ return nil, err
+ }
+
+ passphrase := os.Getenv("DTAIL_KEY_PASSPHRASE")
+ if passphrase == "" {
+ return nil, err
+ }
+
+ key, err = gossh.ParsePrivateKeyWithPassphrase(buffer, []byte(passphrase))
+ if err != nil {
+ return nil, err
+ }
 }
 return key, nil
 }
|
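Review bot: The passphrase read from `DTAIL_KEY_PASSPHRASE` in the second hunk stays in the process environment after the key is decrypted, so any child process started later would inherit it. If the signer is built only once per run (not visible from this hunk), call `os.Unsetenv("DTAIL_KEY_PASSPHRASE")` right after the successful `ParsePrivateKeyWithPassphrase` call. Whichever way that goes, the doc comment on PrivateKeySigner should state that the variable is consulted only when the key is encrypted, and that an agent-held key avoids putting the secret in the environment at all. Separately, the `passphrase == ""` branch returns the bare `PassphraseMissingError`, which gives the operator no hint about the variable; `return nil, fmt.Errorf("%s is passphrase-protected, set DTAIL_KEY_PASSPHRASE: %w", keyFile, err)` keeps `errors.As` working for callers. PrivateKeySigner's body starts outside the hunk, so how `buffer` is read was not reviewed.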
