Skip to content

Replace privateKeyId with wallet-based signing config#14

Draft
natefikru wants to merge 1 commit intomainfrom
nate/pr1-wallet-auth
Draft

Replace privateKeyId with wallet-based signing config#14
natefikru wants to merge 1 commit intomainfrom
nate/pr1-wallet-auth

Conversation

@natefikru
Copy link
Copy Markdown

@natefikru natefikru commented Mar 26, 2026

Summary

  • Replace privateKeyId / TURNKEY_PRIVATE_KEY_ID with signingAddress and signingPublicKey in the config layer
  • These fields are resolved during setup and stored directly in the config file, eliminating runtime API calls for key lookup
  • get_public_key() is now sync (decodes hex from config, no API call)
  • sign_ed25519() uses the stored signing address directly
  • Consolidated sign_ssh_auth_payload into sign_ed25519
  • All tests updated to use config-file-based public keys instead of API mocks

The pre-existing ssh_agent_start_uses_default_socket_path_when_socket_is_omitted test failure is not introduced by this PR (fails on main).

Test plan

  • cargo test --all passes (12/13, 1 pre-existing failure)
  • cargo build --all-targets clean
  • No remaining references to privateKeyId or TURNKEY_PRIVATE_KEY_ID

PR 1 of 3 (base: main)

@natefikru
Migrate from private key to wallet-based signing config
11dd3f3 
Replace privateKeyId with signingAddress and signingPublicKey in the
config layer. The signing address and public key are resolved during
setup and stored directly in the config file, eliminating runtime API
calls for key lookup. The TURNKEY_PRIVATE_KEY_ID environment variable
is removed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@natefikru