pickey-0.3.3 is not a library.
ππ€ pickey
/ΛpΙͺkiΛ/
Two GitHub accounts, one laptop?
pickey picks the right SSH key, automatically!
- π Automatic SSH key selection β rules match by host, org, or repo path
- π Observable β every
git push/pullshows which key is being used - β‘ Fast β single static Rust binary, no runtime dependencies
- π€ Just works β at clone time, from
/tmp, from AI agent terminals, any shell
$ git push
[ππ€] git@github.com:WORK/my-api.git β ~/.ssh/id_work
Pushingβ¦
Install
Homebrew
Cargo
Prebuilt Binary
|
Usage
Configuration
~/.config/pickey/config.toml:
[[]]
= "github.com"
= "WORK-Internal/*"
= "~/.ssh/id_work"
= "email@work.com"
= "My Name"
[[]]
= "github.com"
= "MyPersonalOrg/*"
= "~/.ssh/id_personal"
Rules auto-detected by pickey init include auto = true β these are safely replaced when you re-run init. Manually added rules (without auto = true) are always preserved.
Rules are evaluated top-to-bottom, first match wins. match is a glob pattern against the full path after the host. If no rule matches, pickey falls through to plain ssh (with a warning).
Fields
| Field | Required? | Description |
|---|---|---|
auto |
This rule was auto-generated by pickey init |
|
host |
yes | Exact match against the SSH hostname |
match |
Glob against the path after the host. Omit to match any path on that host | |
key |
yes | Path to private key (~ expansion supported) |
port |
SSH port override (for non-standard ports) | |
email |
Sets repo-local user.email β see why |
|
name |
Sets repo-local user.name |
How it works
pickey sits as git's sshCommand. When git calls SSH, pickey matches the remote against your rules and injects -i <key> with -o IdentityAgent=none β so the right key is used and the ssh-agent can't override it. That's the whole trick.