[Feature] Securely Retain User SSH Key in Git Proxy for Post-Approval Actions: Private Key Cleanup #50

Open
dcoric opened this issue May 16, 2025 · 0 comments
dcoric commented May 16, 2025

Description

When a user pushes code via the Git Proxy, they authenticate with their SSH key, which is also required for the final push to the remote repository (e.g., GitHub/GitLab). Currently, after approval, the user must manually re-authenticate. To automate this, the proxy must securely retain the user's SSH key during approval and reuse it for the final push—without exposing it or requiring user re-entry.

Key Requirements

1. Key Reuse for Push

  • Once approved, the proxy uses the same key to push to the remote repo
  • Immediately wipe the key after push (success or failure)

2. Security Constraints

  • No long-term storage: Keys are discarded if:
    • Approval is rejected
    • Approval timeout (e.g., 24 hours) is reached
  • Isolation: Keys are never accessible to other users/processes

3. Audit Trail

  • Log key usage: [PROXY] Push executed with key for user:X, request:Y, approved-by:Z

Task

  • Implement automatic key removal after action completion
  • Add cleanup on action rejection/cancellation
  • Add cleanup on action timeout
  • Acceptance Criteria:
    • Private key is removed after action completes
    • Key is removed if action is rejected/canceled
    • No keys are left in the system after action is done
@dcoric dcoric self-assigned this May 16, 2025
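An added example, not git-proxy's own code, of the lifecycle the issue describes: the key is held in memory only for the approval window, handed to the push exactly once, and overwritten on completion, rejection, or timeout, with the audit line in the format given above. The class name, method names and the injectable clock/logger are assumptions.

```javascript
// Added example, not git-proxy's own code: an in-memory store that holds a
// user's private key only for the approval window and wipes it afterwards.
// Class and method names are hypothetical.
const APPROVAL_TTL_MS = 24 * 60 * 60 * 1000; // the 24h timeout from the issue

class EphemeralKeyStore {
  // `now` and `log` are injectable so the lifecycle can be exercised offline.
  constructor({ ttlMs = APPROVAL_TTL_MS, now = Date.now, log = console.log } = {}) {
    Object.assign(this, { ttlMs, now, log, entries: new Map() });
  }
  // Copy the key into a Buffer we own so wipe() can overwrite the bytes.
  retain(requestId, user, keyPem) {
    if (this.entries.has(requestId)) throw new Error(`key already retained for ${requestId}`);
    this.entries.set(requestId, { user, key: Buffer.from(keyPem), expiresAt: this.now() + this.ttlMs });
  }
  // Overwrite the key material before dropping the only reference to it.
  wipe(requestId, reason) {
    const e = this.entries.get(requestId);
    if (!e) return false;
    e.key.fill(0);
    this.entries.delete(requestId);
    this.log(`[PROXY] Key removed for user:${e.user}, request:${requestId}, reason:${reason}`);
    return true;
  }
  // Rejection / cancellation path.
  reject(requestId) { return this.wipe(requestId, 'rejected'); }
  // Periodic sweep for requests whose approval window has elapsed.
  sweepExpired() {
    let n = 0;
    for (const [id, e] of this.entries) if (e.expiresAt <= this.now() && this.wipe(id, 'timeout')) n++;
    return n;
  }
  // Approved path: `push(key)` runs once; `finally` wipes on success and on failure.
  async pushWithKey(requestId, approvedBy, push) {
    const e = this.entries.get(requestId);
    if (!e) throw new Error(`no retained key for request ${requestId}`);
    if (e.expiresAt <= this.now()) { this.wipe(requestId, 'timeout'); throw new Error('approval window expired'); }
    try {
      await push(e.key);
      this.log(`[PROXY] Push executed with key for user:${e.user}, request:${requestId}, approved-by:${approvedBy}`);
    } finally {
      this.wipe(requestId, 'push-complete');
    }
  }
}
```

The push callback must not retain a reference to the key beyond its own execution, since the Buffer is zeroed as soon as it returns or throws.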