From b7dd783300fd55c589d6a5323e23530181b27fbe Mon Sep 17 00:00:00 2001
From: Jensen Bernard <jensen@devizer.io>
Date: Tue, 31 Mar 2026 14:33:04 +0200
Subject: [PATCH 1/2] feat: persist SSH keys in macOS Keychain across sessions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 dotfiles/ssh-config |  1 +
 modules/07-ssh.sh   | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/dotfiles/ssh-config b/dotfiles/ssh-config
index 58d0aed..1cdcfcf 100644
--- a/dotfiles/ssh-config
+++ b/dotfiles/ssh-config
@@ -3,6 +3,7 @@
 
 Host *
     AddKeysToAgent yes
+    UseKeychain yes
     ServerAliveInterval 60
     ServerAliveCountMax 3
 
diff --git a/modules/07-ssh.sh b/modules/07-ssh.sh
index 02f2d75..30d1e17 100755
--- a/modules/07-ssh.sh
+++ b/modules/07-ssh.sh
@@ -91,6 +91,26 @@ elif [ -f "$OP_CONF" ]; then
   mbp_log_step "1Password agent not found — removed stale config"
 fi
 
+# Add all discovered keys to the agent with Keychain persistence
+# This stores passphrases in macOS Keychain so they survive reboots
+if [ "$KEY_COUNT" -gt 0 ]; then
+  for key in "$SSH_DIR"/*; do
+    [ -f "$key" ] || continue
+    [[ "$key" == *.pub ]] && continue
+    [[ "$(basename "$key")" == "known_hosts"* ]] && continue
+    [[ "$(basename "$key")" == "authorized_keys" ]] && continue
+    [[ "$(basename "$key")" == "config"* ]] && continue
+    [[ "$(basename "$key")" == "environment" ]] && continue
+
+    # --apple-use-keychain stores the passphrase so it persists across sessions
+    if ssh-add --apple-use-keychain "$key" 2>/dev/null; then
+      mbp_log_step "added to agent: $(basename "$key")"
+    else
+      mbp_log_warn "could not add $(basename "$key") to agent — you may need to run: ssh-add --apple-use-keychain $key"
+    fi
+  done
+fi
+
 mbp_log_ok "SSH: $KEY_COUNT keys secured"
 
 state_set_module_ok "ssh"

From 41080d6e85ea0c45f08b44f97911c0b74146e171 Mon Sep 17 00:00:00 2001
From: Jensen Bernard <jensen@devizer.io>
Date: Tue, 31 Mar 2026 14:34:29 +0200
Subject: [PATCH 2/2] chore: bump version to 1.4.1

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index 88c5fb8..347f583 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.4.0
+1.4.1