#!/usr/bin/env nix-shell
#!nix-shell -i bash -p openssh

# This minimal helper just runs another process with an ssh-agent available to
# it.  ssh-agent itself does most of that work for us so the main benefit of
# the script is that it guarantees ssh-agent is available for us to run.

# Just give ssh-agent the commmand and it will run it and then exit when it
# does.  This is a nice way to do process management so as to avoid leaking
# ssh-agents.  Just in case cleanup fails for some reason, we'll also give
# keys a lifetime with `-t <seconds>` so secrets don't say in memory
# indefinitely.  Note this means the process run by ssh-agent must finish its
# key-requiring operation within this number of seconds of adding the key.
ssh-agent -t 30 "$@"