FYI, now that the ssh keys interfaces are available, it is possible for a snap to ship its own agent, then do something like (untested within the context of a snap):
SSH_ENV=$HOME/.ssh/environment
function start_agent {
echo "Initialising new SSH agent..."
ssh-agent > "${SSH_ENV}"
chmod 600 "${SSH_ENV}"
. "${SSH_ENV}" > /dev/null
ssh-add
}
# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
. "${SSH_ENV}" > /dev/null
ps "${SSH_AGENT_PID}" > /dev/null || {
start_agent;
}
else
start_agent;
fi
This allows each snap to manage its own agent for keys the snap has unlocked, rather than have access to the global agent, gaining access to all unlocked keys.