From 11e1705110c3f85d1e381d0f20729f4c8f7bc4a0 Mon Sep 17 00:00:00 2001
From: Vantz Stockwell <vstockwell@predator-mini.local>
Date: Sat, 14 Mar 2026 01:04:41 -0400
Subject: [PATCH] fix: detect orphaned SSH key references and missing auth
 methods

When a credential's sshKeyId points to a deleted/missing SSH key row,
the connection attempt silently had zero auth methods. Now throws a
clear error explaining the SSH key is missing. Also catches the case
where a credential has neither password nor SSH key configured.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/src/vault/credentials.service.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/backend/src/vault/credentials.service.ts b/backend/src/vault/credentials.service.ts
index a1f2328..2741324 100644
--- a/backend/src/vault/credentials.service.ts
+++ b/backend/src/vault/credentials.service.ts
@@ -81,6 +81,17 @@ export class CredentialsService {
         ? this.encryption.decrypt(cred.sshKey.passphraseEncrypted)
         : null;
       sshKey = { privateKey, passphrase };
+    } else if (cred.sshKeyId) {
+      // Orphaned reference — credential points to a deleted/missing SSH key
+      throw new NotFoundException(
+        `Credential "${cred.name}" references SSH key #${cred.sshKeyId} which no longer exists. Re-import the key or update the credential.`,
+      );
+    }
+
+    if (!password && !sshKey) {
+      throw new NotFoundException(
+        `Credential "${cred.name}" has no password or SSH key configured.`,
+      );
     }
 
     return { username: cred.username, domain: cred.domain, password, sshKey };