Hey folks,
I’m the maintainer of Beekeeper Studio -
It’s an SQL client / database manager, it’s currently the featured development app! Source here -
I’m requesting the following auto-connections:
ssh-keys (please see my comment below)
Why
To connect to a production database, many users have to route their connections through an SSH tunnel. We provide this capability in the app, but currently users are unable to access hidden files in ~/.ssh, or elsewhere in their home directory.
Given that key-based ssh access (not password based) is standard practice, this is key to Beekeeper being useful for production databases.
Currently I have the home plug, but that is only for NON hidden files.
I haven’t submitted a new snap to the store with this plug requested yet (wasn’t sure the order that I should do things), but hoping I can get approved!
So yes this would do the same as granting personal-files to just the .ssh directory for my purposes.
I’ve worked at 2 places that distributes keys to a different hidden directory on laptops (eg .company-name), so it feels like it would be frustrating to those users.
I think full access to $HOME would be preferred, but willing to defer to the community here if that seems like a bad idea overall.
Honestly I’m not sure the average user understands the limits on snap fs access.
Full access to $HOME this far excessive of what users would expect IMO - instead the ssh-keys interface clearly describes what access it grants so granting access to this may be more appropriate.
-1 from me for personal-files access to all of $HOME
If instead you wish to pursue ssh-keys auto-connection please change the topic of this thread and make an explicit request as a new comment for reviewers to vote on.
@rathboma Hmm yes whilst I suggested the use of ssh-keys above, this is not normally something which is granted auto-connect since this can clearly expose sensitive private keys (see Auto-connection request for lagoon-cli snap for instance as a historical precedent) - instead we recommend snap authors to try and detect if this interface is connected and if not prompt the user at the time this is required if the interface is not connected (which can be done via snapctl is-connected ssh-keys - which exits with a return code of 0 if it is connected or 1 if it is not). So unfortunately -1 for me for auto-connect of ssh-keys
If your app is a graphical app, perhaps you could use the desktop portals, which allow your users to use any file from the system, provided they have xdg-desktop-portals installed.
No special permission is required to plug ssh-keys for manual connection. Regarding access to the global ssh-agent - this is not possible at the moment but it has been discussed in the past Ssh-agent plug request
I’m also going to echo @alexmurray’s concerns and vote -1 for auto-connection.
Others have provided excellent advice and I’ll reiterate that your snap is free to plugs ‘ssh-keys’ without auto-connection and say your snap is in a position to snapctl is_connected ssh-keys to see if the interface is connected which gives your snap an opportunity to guide the user to connect. A cli experience could exit early if they invoke using ssh and a gui experience could provide a warning stating what to do if the user invokes the ssh feature.
There are also plans to provide APIs for snaps to use that would allow a snap to trigger the connection prompt themselves.