package module
Version: v0.8.5 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Aug 20, 2021 License: MIT Imports: 9 Imported by: 1


MIT licensed LICENSE Build Status Go Report Card GoDoc

SKM is a simple and powerful SSH Keys Manager. It helps you to manage your multiple SSH keys easily!


  • Create, List, Delete your SSH key(s)
  • Manage all your SSH keys by alias names
  • Choose and set a default SSH key
  • Display public key via alias name
  • Copy default SSH key to a remote host
  • Rename SSH key alias name
  • Backup and restore all your SSH keys
  • Prompt UI for SSH key selection
  • Customized SSH key store path


brew tap timothyye/tap
brew install timothyye/tap/skm
Using Go
go get
Manual Installation

Download it from releases and extact it to /usr/bin or your PATH directory.


% skm

SKM V0.8.1

   SKM - Manage your multiple SSH keys easily

   skm [global options] command [command options] [arguments...]


     init, i      Initialize SSH keys store for the first time usage.
     create, c    Create a new SSH key.
     ls, l        List all the available SSH keys.
     use, u       Set specific SSH key as default by its alias name.
     delete, d    Delete specific SSH key by alias name.
     rename, rn   Rename SSH key alias name to a new one.
     copy, cp     Copy current SSH public key to a remote host.
     display, dp  Display the current SSH public key or specific SSH public key by alias name.
     backup, b    Backup all SSH keys to an archive file.
     restore, r   Restore SSH keys from an existing archive file.
     cache        Add your SSH to SSH agent cache via alias name.
     help, h      Shows a list of commands or help for one command.

   --store-path value   Path where SKM should store its profiles (default: "/Users/timothy/.skm")
   --ssh-path value     Path to a .ssh folder (default: "/Users/timothy/.ssh")
   --restic-path value  Path to the restic binary
   --help, -h           show help
   --version, -v        print the version

For the first time use

You should initialize the SSH key store for the first time use:

% skm init

✔ SSH key store initialized!

So, where are my SSH keys? SKM will create SSH key store at $HOME/.skm and put all the SSH keys in it.

NOTE: If you already have id_rsa & key pairs in $HOME/.ssh, SKM will move them to $HOME/.skm/default

Create a new SSH key

NOTE: Currently ONLY RSA and ED25519 keys are supported!

skm create prod -C ""

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/timothy/.skm/prod/id_rsa.
Your public key has been saved in /Users/timothy/.skm/prod/
✔ SSH key [prod] created!

List SSH keys

% skm ls

✔ Found 3 SSH key(s)!

->      default

Set default SSH key

% skm use dev
Now using SSH key: dev

Prompt UI for key selection

You can just type skm use, then a prompt UI will help you to choose the right SSH key:

Display public key

% skm display

Or display specific SSH public key by alias name:

% skm display prod

Delete a SSH key

% skm delete prod

Please confirm to delete SSH key [prod] [y/n]: y
✔ SSH key [prod] deleted!

Copy SSH public key to a remote host

% skm cp

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/timothy/.skm/default/"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys's password:

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh ''"
and check to make sure that only the key(s) you wanted were added.

✔  Current SSH key already copied to remote host

Rename a SSH key with a new alias name

% skm rn test tmp
✔  SSH key [test] renamed to [tmp]

Backup SSH keys

Backup all your SSH keys to $HOME directory by default.

% skm backup

a .
a ./test
a ./default
a ./dev
a ./dev/id_rsa
a ./dev/
a ./default/id_rsa
a ./default/
a ./test/id_rsa
a ./test/

✔  All SSH keys backup to: /Users/timothy/skm-20171016170707.tar

If you have restic installed then you can also use that to create backups of your SKM store:

# First, you need a password for your repository
% if [[ ! -f ~/.skm-backups.passwd ]]; then
%     openssl rand -hex 64 > ~/.skm-backups.passwd
% fi

% skm backup --restic
repository ... opened successfully, password is correct

Files:           0 new,     1 changed,     4 unmodified
Dirs:            0 new,     0 changed,     0 unmodified
Added to the repo: 1.179 KiB

processed 5 files, 2.593 KiB in 0:00
snapshot $SNAPSHOT saved
✔  Backup to /Users/$USER/.skm-backups complete

Restore SSH keys

% skm restore ~/skm-20171016172828.tar.gz                                                                                           
x ./
x ./test/
x ./default/
x ./dev/
x ./dev/id_rsa
x ./dev/
x ./default/._id_rsa
x ./default/id_rsa
x ./default/
x ./default/
x ./test/id_rsa
x ./test/

✔  All SSH keys restored to /Users/timothy/.skm

Again, SKM also supports restic to create and restore backups:

% skm restore --restic --restic-snapshot $SNAPSHOT
repository $REPO opened successfully, password is correct
restoring <Snapshot $SNAPSHOT of [/Users/$USER/.skm] at 2018-10-03 19:40:33.333130348 +0200 CEST by $USER@$HOST> to /Users/$USER/.skm
✔  Backup restored to /Users/$USER/.skm

Integrate with SSH agent

You can use cache command to cache your SSH key into SSH agent's cache via SSH alias name.

Cache your SSH key

λ tim [~/]
→ skm cache --add my                                                                                                                                                                                                                                                                     
Enter passphrase for /Users/timothy/.skm/my/id_rsa:
Identity added: /Users/timothy/.skm/my/id_rsa (/Users/timothy/.skm/my/id_rsa)
✔  SSH key [my] already added into cache

Remove your SSH key from cache

λ tim [~/]
→ ./skm cache --del my                                                                                                                                                                                                                                                                   
Identity removed: /Users/timothy/.skm/my/id_rsa (MyKEY)
✔  SSH key [my] removed from cache

List your cached SSH keys from SSH agent

λ tim [~/]
→ ./skm cache --list                                                                                                                                                                                                                                                                     
2048 SHA256:qAVcwc0tdUOCjH3sTskwxAmfMQiL2sKtfPBXFnUoZHQ /Users/timothy/.skm/my/id_rsa (RSA)

Customized SSH key store path

By default, SKM uses $HOME/.skm as the default path of SSH key store. You can define your customized in your ~/.bashrc or ~/.zshrc by adding:


Hook mechanism

Edit and place a executable file named hook at the specified key directory, for example:


This hook file can be both an executable binary file or an executable script file.

SKM will call this hook file after switching default SSH key to it, you can do some stuff in this hook file.

For example, if you want to use different git username & email after you switch to use a different SSH key, you can create one hook file, and put shell commands in it:

git config --global "YourNewName"
git config --global ""

Then make this hook file executable:

chmod +x hook

SKM will call this hook file and change git global settings for you!


MIT License
996ICU License




View Source
const (
	// Name is the program name
	Name = "SKM"
	// Usage is for simple description
	Usage = "Manage your multiple SSH keys easily"

	// CheckSymbol is the code for check symbol
	CheckSymbol = "\u2714 "
	// CrossSymbol is the code for check symbol
	CrossSymbol = "\u2716 "

	// PublicKey is the default name of SSH public key
	PublicKey = ""
	// PrivateKey is the default name of SSH private key
	PrivateKey = "id_rsa"
	// DefaultKey is the default alias name of SSH key
	DefaultKey = "default"

	// HookName is the name of a hook that is called when present after using a key
	HookName = "hook"


This section is empty.


func AddCache

func AddCache(alias string, keyMap map[string]*SSHKey, env *Environment) error

AddCache adds SSH to ssh agent cache via key alias

func ClearKey

func ClearKey(env *Environment)

ClearKey clears both private & public keys from SSH key path

func CreateLink(alias string, keyMap map[string]*SSHKey, env *Environment)

CreateLink creates symbol link for specified SSH key

func DeleteCache

func DeleteCache(alias string, keyMap map[string]*SSHKey, env *Environment) error

DeleteCache removes SSH key from SSH agent cache via key alias

func DeleteKey

func DeleteKey(alias string, key *SSHKey, env *Environment, forTest ...bool)

DeleteKey delete key by its alias name

func Execute

func Execute(workDir, script string, args ...string) bool

Execute executes shell commands with arguments

func Fatalf

func Fatalf(format string, args ...interface{})

Fatalf output formatted fatal error info

func GetBakFileName

func GetBakFileName() string

GetBakFileName generates a backup file name by current date and time

func IsEmpty

func IsEmpty(path string) (bool, error)

IsEmpty checks if directory in path is empty

func ListCache

func ListCache() error

ListCache lists cached SSH key from SSH agent cache

func LoadSSHKeys

func LoadSSHKeys(env *Environment) map[string]*SSHKey

LoadSSHKeys loads all the SSH keys from key store

func ParsePath

func ParsePath(path string) string

ParsePath return the original SSH key path if it is a symbol link

func RunHook

func RunHook(alias string, env *Environment)

RunHook runs hook file after switching SSH key


type Environment

type Environment struct {
	StorePath  string
	SSHPath    string
	ResticPath string

Environment abstracts away things like the path the .skm and .ssh folder which allows us to simulate them for testing.

type KeyType

type KeyType struct {
	Name                    string
	KeyBaseName             string
	SupportsVariableBitsize bool

KeyType abstracts configurations for various SSH key types like RSA and ED25519

func (KeyType) PrivateKey

func (kt KeyType) PrivateKey() string

PrivateKey returns the filename used by a keytype for the private component.

func (KeyType) PublicKey

func (kt KeyType) PublicKey() string

PublicKey returns the filename used by a keytype for the public component.

type KeyTypeRegistry

type KeyTypeRegistry map[string]KeyType

KeyTypeRegistry is used to store all the supported key types.

var SupportedKeyTypes KeyTypeRegistry

SupportedKeyTypes contains all key types supported by skm.

func (KeyTypeRegistry) GetByFilename

func (r KeyTypeRegistry) GetByFilename(name string) (KeyType, bool)

GetByFilename returns a key type object given the name of the private key's file. If no matching key type could be found, then the second return value is false.

type SSHKey

type SSHKey struct {
	PublicKey  string
	PrivateKey string
	IsDefault  bool
	Type       *KeyType

SSHKey struct includes both private/public keys & isDefault flag


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL