Feature Request: Support for macOS Secure Enclave-backed SSH keys via system ssh-agent

Feature Requests Royal TSX (for macOS)
1

Hello,

I would like to request support for macOS Secure Enclave–backed SSH keys (Keychain identities) in Royal TSX.

Currently, Royal TSX supports file-based private keys and standard SSH authentication methods. However, it does not appear to support SSH identities stored in macOS Keychain and backed by Secure Enclave (non-exportable keys).

Modern macOS setups increasingly use:

  • ECDSA (ecdsa-sha2-nistp256) or similar keys

  • Generated as Secure Enclave–protected keys

  • Marked as non-exportable

  • Accessed via the system ssh-agent and Security.framework

These keys:

  • Cannot be stored as PEM files

  • Cannot be exported

  • Are only usable via system-level SSH agent integration

Many security-conscious users rely on Secure Enclave-backed keys for stronger protection against key exfiltration. At the moment, this prevents using Royal TSX in high-security environments unless we downgrade to file-based keys.

It would be highly valuable if Royal TSX could:

  1. Integrate with the macOS system ssh-agent

  2. Support IdentityAgent configuration

  3. Allow authentication using Keychain-stored SSH identities

This would align Royal TSX with modern macOS security practices and enterprise-grade authentication models.

Thank you for considering this request.

Best regards,

Jerzy Kołysz

2

I’d like to strongly support this request — this is becoming a real blocker in security-sensitive environments.

On modern macOS deployments, especially in corporate or regulated infrastructures, SSH keys are increasingly generated as Secure Enclave–backed identities and intentionally marked as non-exportable. The whole point is that the private key must never exist as a file on disk and cannot be copied even by an administrator. Authentication is performed exclusively through the system ssh-agent and Security.framework.

Because of that, tools that only support file-based keys effectively force a downgrade of the security model. We currently have to either:

• keep a second weaker key just for Royal TSX
• or stop using Royal TSX for SSH workflows

Both options defeat the purpose of hardware-backed credentials and violate internal security policies in many organizations.

Practically every native macOS SSH workflow already works seamlessly with Secure Enclave keys:

ssh
git
scp
rsync
VS Code Remote

From a technical perspective, supporting this does not require handling private keys directly — only respecting IdentityAgent and delegating authentication to the system ssh-agent, exactly as OpenSSH does.

So the value here is not just convenience — it’s compatibility with the macOS security architecture and enterprise authentication standards. Without it, Royal TSX can’t be used in hardened environments.

Would really appreciate considering this feature.

Best regards

Marcin Czarnecki

1 Like
3

I fully support this idea, the option proposed by Jerzy would greatly facilitate the daily work of all those who use MacOS and Apple Keychain on a daily basis.

4

Hello to all,
We have looked into this, and the good news is secure enclave-backed SSH keys are working in terminal connections. If you already have secure enclave-backed SSH keys, all you have to do is configure the username in the credentials and add the following command to the “Additional SSH Options” of your connections:
-o SecurityKeyProvider=/usr/lib/ssh-keychain.dylib

In my case, the configuration looks like this:
1.)I configured the username “gst” in the credentials

image
image1398×978 101 KB

2.)I added the aforementioned command to the “Additional SSH Options”
image
image1398×978 92.1 KB

Please let me know if this also works for your connections!

You can find more information on this topic here:

5

Hello,

Thank you for the suggestion.

Using SecurityKeyProvider with sk-* identities is indeed a valid and useful workaround for FIDO-based SSH keys. However, this does not fully address my use case.

My setup relies on a classical ecdsa-sha2-nistp256 SSH key that is hardware-backed by macOS Secure Enclave and accessed via the system ssh-agent. This works correctly with native OpenSSH and with clients such as Shellfish, without requiring sk-* identities.

While updating authorized_keys is not a concern, adopting sk-* identities introduces a FIDO-specific workflow and requires ensuring consistent FIDO support across all server environments and SSH implementations. In our case, we prefer to continue using classical SSH key types while keeping the private key non-exportable and protected by Secure Enclave.

The original request is therefore about supporting macOS system ssh-agent / Keychain-backed classical SSH identities directly, rather than switching to sk-* (FIDO) keys.

Would you consider supporting this in a future version?

Best regards,
Jerzy

7

Hi Jerzy,
Thank you very much for the update. Could you perhaps elaborate on your exact setup? Or do you perhaps have a link for us that we can use as a reference in reproducing up your exact setup? For example, I used “Secretive” to create a ecdsa-sha2-nistp256 SSH key and I can use it for a test connections using my previously suggested configuration.

I must also point out that SSH agents are already supported, but I believe that the “Run Inside Login Shell” setting most likely needs to be enabled for them to work:

image
image1396×978 93.5 KB

8

What we are aiming for is support for standard (non sk-*) SSH keys backed by macOS Secure Enclave, created and managed in a way that avoids application-level vendor lock-in.

Specifically, we would like Royal TSX to be able to:

  1. Create a standard SSH key whose private key resides in Secure Enclave
    (i.e. a classical SSH key type such as ecdsa-sha2-nistp256, not a FIDO / sk-* identity).

  2. Expose that key as a credential inside Royal TSX, including the human-readable description/name assigned in Royal.

  3. Make that key available via a standard SSH agent interface (e.g. SSH_AUTH_SOCK), so that:

    • other SSH clients and tools can use the same key,

    • access is not limited to Royal TSX itself,

    • the key can be shared across applications in a controlled, user-approved way.

The important requirement is that Royal TSX should not become the only application capable of using the key.

Comparison with existing tools

As a reference point, Shellfish demonstrates that it is possible to use Secure Enclave–backed SSH keys successfully. However, Shellfish currently integrates with Secure Enclave in an application-specific way: the keys are usable inside Shellfish, but they are not exposed through a standard SSH agent interface and therefore cannot be accessed from the terminal or other SSH clients.

This is precisely the limitation we would like to avoid in Royal TSX.

Possible UX direction (conceptual idea)

Conceptually, I imagine that in the document tree (where Royal TSX currently displays connections and credentials), there could also be a hardware-backed component section — for example:

  • Secure Enclave (and its available SSH identities)

  • Potentially FIDO2 hardware keys (if present)

This would allow Royal TSX to:

  • detect existing hardware-backed identities,

  • present them as selectable credentials,

  • clearly distinguish hardware-backed keys from file-based keys,

  • while still relying on standard system interfaces rather than app-local key storage.

This is just a conceptual UX idea, but it illustrates the intended direction:
integration with platform-level security components, not isolated application-level key silos.

Desired user experience
Ideally, the workflow would look like this:
The user installs Royal TSX.
If Secure Enclave already contains one or more SSH keys, Royal TSX automatically detects them.
Those keys appear in the document/credential tree as available hardware-backed identities.
The user can select and use those keys for connections inside Royal TSX.
New Secure Enclave–backed keys created within Royal TSX also become visible through the standard SSH agent interface.
The same keys remain available to other tools (e.g. terminal, scripts, other SSH clients) through the SSH agent, without duplication or re-generation.
In other words, Royal TSX should both:
discover existing hardware-backed identities, and
integrate with them via standard system interfaces rather than app-local storage.

To be clear:
this request is not about FIDO / sk-* identities or SecurityKeyProvider.
It is about standard SSH keys whose private material is hardware-protected by Secure Enclave, while remaining accessible via a standard agent interface.

9

Thanks again for testing with Secretive.

We’ve now confirmed that everything works correctly when SSH_AUTH_SOCK points to Secretive’s agent socket. In that setup, the Secure Enclave–backed key is exposed via a standard SSH agent interface and can be used by OpenSSH and any client that honors SSH_AUTH_SOCK.

So Royal TSX’s SSH agent support itself is not the issue — it works as expected when a Secure Enclave key is made available through an agent.

What we would ideally like to see in Royal TSX is the following:

  • The ability to create SSH keys backed by Secure Enclave and expose them through its own SSH agent interface.

  • Exposure of those keys through a standard SSH agent interface, so other SSH clients and tools can use them as well.

  • Automatic discovery of existing Secure Enclave–backed SSH identities via the SSH agent socket currently configured in the system (i.e. the active SSH_AUTH_SOCK) when Royal starts and ability to refresh.

  • Display of those identities as credentials inside Royal TSX.

In other words, not just internal Secure Enclave integration for Royal connections, but platform-level integration via a standard agent interface.

As a conceptual UX idea, it might even make sense to show a hardware-backed section in the document tree (e.g. Secure Enclave identities, possibly hardware FIDO2 keys if present), clearly distinguished from file-based keys — while still relying on standard system mechanisms rather than app-local key silos.

The goal is to avoid app-specific key isolation and instead align with the macOS security model in a way that keeps Secure Enclave–backed identities reusable across tools.

10

Hi Jerzy,
You are very welcome, and thank you very much for all of your input and your feedback. I have spoken to the Royal Apps Dev Team regarding your last suggestion of creating our own SSH agent. It would definitely be a great feature to have, but I am afraid that it would be very difficult to implement at the moment, primarily due to time constraints. Based on that fact, I am afraid that we won’t be able to do this in the short/medium term. I am really sorry to be the bearer of bad news!

1 Like
11

Thank you for the clarification — that is completely understandable.

Implementing a full Secure Enclave–aware SSH agent inside Royal TSX is clearly a significant effort, so I appreciate the transparency regarding time constraints.

As a possible intermediate step, would it be feasible to implement at least part of the UX-related aspects of the request?

For example:

  • Detecting and displaying identities available via the currently configured SSH_AUTH_SOCK.

  • Presenting those identities as selectable credentials in the UI.

  • Allowing a refresh of agent identities without restarting Royal.

This would not require Royal to implement its own SSH agent, but it would significantly improve integration with Secure Enclave–backed keys exposed through external agents.

From a usability perspective, this would also be much clearer for users than requiring them to rely on advanced configuration options or environment variables. A visible “hardware-backed identities” section in the UI would make the security model more transparent.

Even an initially empty Secure Enclave section could encourage users to adopt hardware-backed keys in the future. Seeing that Royal is aware of and ready for such identities makes the feature discoverable and lowers the entry barrier.

Even partial support in this direction would already provide substantial value.