[feature] Don't output logs for every non-private-key in ~/.ssh #138

Open
jpluscplusm opened this issue Apr 26, 2022 · 1 comment

@jpluscplusm

Hi 👋 Thanks for making a really useful tool!

[This is the first of a few quality-of-life feature Issues I'm going to file today. I hope they make sense :-)]

Everyone has at least a few non-private-keys in their .ssh directory, from pubkeys to ssh config to authorized_keys files. Right now, on encrypt and decrypt operations, agebox's output is really messy, which obscures the important detail about what it's actually doing.

Here's a screenshot of it in action ... (NB there is no problem with seemingly valid private keys being reported as invalid, here. That's expected in my setup, and is not part of the issue I'm reporting here!)

image

I think it would be really useful if:

  • operations that don't need private keys (e.g. encrypt/reencrypt) shouldn't report these warnings at all
  • operations that need private keys (decrypt) only report these warnings if given a --verbose flag.

I note that, with a default keys/ directory in a repo that's properly populated with public keys, the encrypt operation still reports all the files it couldn't parse in ~/.ssh. To my mind, adhering to agebox's default setup should be a signal to the tool that I don't want it to go looking in ~/.ssh during encryption!

I am aware that flags and envvars can be used to teach agebox more detail about my setup :-) I still think the default logging is too noisy and, in the case of re/encrypt, it's flat out wrong to report private key "problems", at any log level!

@diamondburned

> and envvars

What envvars can we use? AFAICT (from --help), these are only available as flags.

I'm using Nix shell for my repository, and I'm pretty close to just hard-wiring agebox to agebox --no-log.
