Adding CRUD management for SSH keys

This time I worked on adding CRUD management for SSH keys…

In this commit, I added the CRUD flow for SSH keys. This gives users a proper way to store and manage the keys that will later be used for remote server access, which is an important part of the product direction for Uploy as a PaaS.

The main logic lives in api/handlers/keys.go. Most of the work here was not just about saving data, but making sure the input is at least validated before it enters the system.

Here’s the demo video…

One important thing I added was private key validation using gossh, specifically ParsePrivateKey. The reason was pretty simple: I do not want users to submit a broken or malformed private key and only discover the issue much later when the deploy process tries to use it.

With this validation in place, the API can fail much earlier. So if a user submits an invalid private key, the response will immediately return an invalid SSH private key error instead of letting bad data sit in the database and create more confusing problems later.

That felt like a small but meaningful improvement. For a product like this, early validation matters a lot… especially when the data is directly related to infrastructure access.

Here’s a demo showing what happens when a user submits an invalid private key…

One thing I realized after writing these build logs, though, is that I forgot to add encryption for stored SSH private keys.

That is something I definitely do not want to ignore. Since this project is a PaaS, security and user privacy are a serious part of the product, and SSH private keys should not just be stored as plain sensitive data without stronger protection. So while this commit moves the feature forward from a product workflow perspective, I still see it as incomplete from the security side.

I plan to fix that in a future build log.