feat: seed SSH users from env var and authorized_keys file #31

2026-05-27T20:32:46Z

lerko commented

2026-05-27 20:32:46 +00:00

Summary

Docker onboarding was broken — no way to add first SSH user without docker attach to TUI.

Now reads SSH public keys from two sources on startup:

UPTOP_ADMIN_KEY env var — single key for quick single-user setup
UPTOP_KEYS file path — authorized_keys format for team setup

Dockerfile already sets UPTOP_KEYS=/data/authorized_keys and compose mounts ./data:/data, so the flow is:

echo "ssh-ed25519 AAAA... me@host" > ./data/authorized_keys
docker compose up -d
ssh -p 23234 localhost

Behavior

Skips keys already in DB (idempotent across restarts)
All seeded users get admin role
Username parsed from key comment (e.g. tyler@macbook → tyler)
Comments and blank lines in keys file are ignored

Tested

UPTOP_ADMIN_KEY seeds single admin user
UPTOP_KEYS file seeds multiple users with correct usernames
Second startup skips existing keys (no duplicates)
Build and all tests pass

## Summary Docker onboarding was broken — no way to add first SSH user without `docker attach` to TUI. Now reads SSH public keys from two sources on startup: - `UPTOP_ADMIN_KEY` env var — single key for quick single-user setup - `UPTOP_KEYS` file path — authorized_keys format for team setup Dockerfile already sets `UPTOP_KEYS=/data/authorized_keys` and compose mounts `./data:/data`, so the flow is: ``` echo "ssh-ed25519 AAAA... me@host" > ./data/authorized_keys docker compose up -d ssh -p 23234 localhost ``` ### Behavior - Skips keys already in DB (idempotent across restarts) - All seeded users get admin role - Username parsed from key comment (e.g. `tyler@macbook` → `tyler`) - Comments and blank lines in keys file are ignored ### Tested - UPTOP_ADMIN_KEY seeds single admin user - UPTOP_KEYS file seeds multiple users with correct usernames - Second startup skips existing keys (no duplicates) - Build and all tests pass

lerko added 1 commit 2026-05-27 20:32:47 +00:00

feat: seed SSH users from UPTOP_ADMIN_KEY env and UPTOP_KEYS file

CI / test (pull_request) Successful in 2m59s

Details

CI / lint (pull_request) Failing after 1m6s

Details

CI / vulncheck (pull_request) Successful in 1m6s

Details

d5587958e8

On startup, reads SSH public keys from two sources:
- UPTOP_ADMIN_KEY env var (single key, quick setup)
- UPTOP_KEYS file path (authorized_keys format, team setup)

Keys already in the database are skipped (idempotent across restarts).
All seeded users get admin role. Username parsed from key comment.

Dockerfile already sets UPTOP_KEYS=/data/authorized_keys — Docker users
just drop their keys file in ./data/ and start the container.

lerko added 1 commit 2026-05-27 20:45:58 +00:00

fix(lint): handle file close error in key seeding

CI / test (pull_request) Successful in 2m35s

Details

CI / lint (pull_request) Failing after 1m11s

Details

CI / vulncheck (pull_request) Successful in 1m1s

Details

64b49187f5

lerko added 1 commit 2026-05-27 20:59:03 +00:00

fix(lint): sanitize UPTOP_KEYS path for gosec G703

CI / test (pull_request) Successful in 2m59s

Details

CI / lint (pull_request) Successful in 1m11s

Details

CI / vulncheck (pull_request) Successful in 1m2s

Details

c8e9893b59

lerko merged commit d8a2cab90f into main

2026-05-27 21:15:01 +00:00

lerko deleted branch feat/onboarding-keys

2026-05-27 21:15:01 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lerkolabs/uptop#31