Ssh/authorized Keys
@hivemq/ssh/authorized-keysv2026.06.09.85
01README
Declarative authorized_keys controller for SSH-reachable hosts with atomic mv-T writes, symlink guards, and batched concurrency.
02Models
@hivemq/ssh/authorized-keysv2026.06.04.1ssh_authorized_keys.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| defaultUser | string | |
| connectTimeoutSeconds | number | |
| totalTimeoutSeconds | number | |
| concurrency | number | |
| searchPaths | array | Filesystem roots to scan for authorized_keys files. |
| hosts | array | |
| keys | array | Declarative list of SSH pubkeys to manage on every host. |
fn audit(filter?: string)
Read every authorized_keys file under searchPaths on every host. Read-only.
| Argument | Type | Description |
|---|---|---|
| filter? | string | Host name filter |
fn verify(filter?: string)
Check each managed key's state on every host. `state=present` keys must appear in every authorized_keys; `state=absent` keys must appear nowhere.
| Argument | Type | Description |
|---|---|---|
| filter? | string | Host name filter |
fn add(filter?: string)
Append every `state=present` managed key to every authorized_keys file. Idempotent (matches on algo+body, ignores comment).
| Argument | Type | Description |
|---|---|---|
| filter? | string | Host name filter |
fn seal(filter?: string)
Overwrite every authorized_keys file under searchPaths with ONLY the `state: present` managed keys. Destructive: orphan keys are wiped. Idempotent: skips files already matching the desired content. Run only after all consumers are confirmed to be using a managed key.
| Argument | Type | Description |
|---|---|---|
| filter? | string | Host name filter |
fn exec(command: string, filter?: string, useSudo: boolean)
Run a one-shot diagnostic shell command on each host. Persists per-host stdout/stderr/exitCode as `execResult` resource. Read-only by convention (caller's command may mutate). Warning: `useSudo: true` provides arbitrary root shell execution on every host in scope -- restrict `method-run` access accordingly.
| Argument | Type | Description |
|---|---|---|
| command | string | Shell command to run on each host |
| filter? | string | Host name filter |
| useSudo | boolean | Wrap the command with `sudo bash -c` (uses the model's standard base64 wrapping) |
fn strip(filter?: string)
Remove every `state: absent` managed key from every authorized_keys file under searchPaths. Matches on algo+body (ignores comment). Preserves file ownership and mode via atomic `mv -T` on a sibling temp file.
| Argument | Type | Description |
|---|---|---|
| filter? | string | Host name filter |
Resources
audit(infinite)— Per-host audit of every authorized_keys file under searchPaths (forensic listing).
verify(infinite)— Per-host compliance result against the managed keys list.
addResult(infinite)— Per-host result of the `add` operation.
sealResult(infinite)— Per-host result of the `seal` operation.
execResult(infinite)— Per-host result of the `exec` diagnostic operation.
stripResult(infinite)— Per-host result of the `strip` operation.
03Previous Versions
2026.06.04.82Jun 4, 2026
04Stats
B
85 / 100
Downloads
8
Archive size
30.7 KB
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types (deprecated)1/1earned
- Dependencies pass trust audit2/2earned
- Has description1/1earned
- Platform support declared (or universal)2/2earned
- License declared1/1earned
- Verified public repository0/2missing
05Platforms