Services
RPC methods exposed by this API.UserSshKeyService
UserSshKeyService manages a single SSH key registered for the calling authenticated user. The key is used by features that need to authenticate to an external Git host on the user’s behalf — for example, cloning a private repository referenced by a canvas. Every RPC operates implicitly on the caller’s own key: no RPC accepts a user identifier and the service exposes no list or cross-user lookup. There is at most one registered key per user; re-registering or regenerating replaces the previous key.| Method | Request | Response | Description |
|---|---|---|---|
| GetMySshKey | GetMySshKeyRequest | GetMySshKeyResponse | GetMySshKey returns the public key and lifecycle metadata for the caller’s registered SSH key, or an empty payload when no key is registered. The private key is never returned by this RPC. |
| GenerateSshKey | GenerateSshKeyRequest | GenerateSshKeyResponse | GenerateSshKey replaces the caller’s registered SSH key with a freshly-generated Ed25519 keypair. Only the public half is returned — the private half is retained by Sift to authenticate to Git hosts on the caller’s behalf and is never disclosed over the wire. This is the only way to register a key. The service intentionally does not accept a user-supplied private key: pasting an existing key would require transmitting it over the network in plaintext (subject to TLS termination, frame logs, etc.), and the resulting copy on Sift’s side would be indistinguishable from one the user also continues to use elsewhere — losing the property that the private half exists in exactly one place. |
| DeleteMySshKey | DeleteMySshKeyRequest | DeleteMySshKeyResponse | DeleteMySshKey removes the caller’s registered SSH key. Idempotent: succeeds when no key is registered. |
Messages
Data models used across requests/responses.DeleteMySshKeyRequest
This message has no fields.DeleteMySshKeyResponse
This message has no fields.GenerateSshKeyRequest
This message has no fields.GenerateSshKeyResponse
| Field | Type | Label | Description |
|---|---|---|---|
| public_key | SshKeyMetadata |
GetMySshKeyRequest
This message has no fields.GetMySshKeyResponse
| Field | Type | Label | Description |
|---|---|---|---|
| public_key | SshKeyMetadata | Unset when the calling user has no key registered. Clients use its presence as the “key configured” boolean. |
SshKeyMetadata
SshKeyMetadata is the read-only projection returned to clients. It carries only the public key and lifecycle timestamps — the private key is never part of this message.| Field | Type | Label | Description |
|---|---|---|---|
| user_ssh_key_id | string | ||
| user_id | string | ||
| public_key | string | Public key in OpenSSH ssh-<algo> AAAA... [comment] shape, ready to paste into a host’s settings page (GitHub deploy keys, etc.). Empty when no public half is available for the registered key. | |
| created_date | google.protobuf.Timestamp | ||
| modified_date | google.protobuf.Timestamp |