I know about SSH certificates, and we use them primarily, but we still have systems which use classic pubkeys managed in authorized_keys.
From authorized_keys(5):
Public keys consist of the following space-separated fields:
options keytype base64-encoded-key comment
The options field is optional.
The comment field is not used for anything (but may be convenient for the user to identify the key).
What I often find is something like this:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5EYh69EeIDiVYxgy6O4fUWoxiT4cRxb8JkLdikE27a user@host
which makes it hard to find out how to contact that key owner. So I often use this format:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5EYh69EeIDiVYxgy6O4fUWoxiT4cRxb8JkLdikE27a user@domain.com
Currently I am thinking about a more generic format with more info which can be parsed later by Bash, Go or something else. Something like this:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5EYh69EeIDiVYxgy6O4fUWoxiT4cRxb8JkLdikE27a o:user1@host1|e:user1@domain.com|p:manage-vhosts|t:2024-02-21
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICebzmkN9HFcnTfcugV+8sAC1nI9itIL0uriy8lmTc7L o:user2@host2|p:manage-users
awk '$NF ~ /^.:/ {print $NF}' ~/.ssh/authorized_keys | tr '|' '\n' | awk -F':' '/^o:/ {print "origin="$2}'
awk '$NF ~ /^.:/ {print $NF}' ~/.ssh/authorized_keys | tr '|' '\n' | awk -F':' '/^e:/ {print "email="$2}'
awk '$NF ~ /^.:/ {print $NF}' ~/.ssh/authorized_keys | tr '|' '\n' | awk -F':' '/^p:/ {print "purpose="$2}'
awk '$NF ~ /^.:/ {print $NF}' ~/.ssh/authorized_keys | tr '|' '\n' | awk -F':' '/^t:/ {print "timestamp="$2}'
origin=user1@host1
origin=user2@host2
email=user1@domain.com
purpose=manage-vhosts
purpose=manage-users
timestamp=2024-02-21
- What do you use?
- Are there any best practices?
- Any ideas, comments? (pun intended)
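An added example (not part of the original post) of parsing such lines in something other than awk: it splits off an options field even when a quoted value like command="..." contains spaces, checks that the declared key type matches the type embedded in the key blob, decodes the k:v|k:v comment into named fields (falling back to {} for a plain user@host comment), and derives the SHA256 fingerprint, which is what sshd writes in its "Accepted publickey" log line, so a login can be traced back to the owner recorded in the comment. The sample file, the options line and the vhostctl command in it are constructed for the example.

```python
import base64
import hashlib
# Constructed sample: the post's two keys (one given a hypothetical options field) plus a classic comment.
SAMPLE = """\
# deploy keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5EYh69EeIDiVYxgy6O4fUWoxiT4cRxb8JkLdikE27a o:user1@host1|e:user1@domain.com|p:manage-vhosts|t:2024-02-21
command="/usr/local/bin/vhostctl --ro",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICebzmkN9HFcnTfcugV+8sAC1nI9itIL0uriy8lmTc7L o:user2@host2|p:manage-users
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5EYh69EeIDiVYxgy6O4fUWoxiT4cRxb8JkLdikE27a user@host
"""
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
FIELD_NAMES = {"o": "origin", "e": "email", "p": "purpose", "t": "timestamp"}

def split_options(line):
    # Options end at the first unquoted whitespace; command="a b" may contain spaces.
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        elif ch.isspace() and not quoted:
            return line[:i], line[i:].lstrip()
    return line, ""

def parse_comment(comment):
    # Decode the k:v|k:v format from the post; anything else is free text -> {}.
    meta = {}
    for item in comment.split("|"):
        key, sep, value = item.partition(":")
        if not sep or key not in FIELD_NAMES:
            return {}
        meta[FIELD_NAMES[key]] = value
    return meta

def parse_line(line):
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, rest = ("", line) if line.startswith(KEY_TYPE_PREFIXES) else split_options(line)
    parts = rest.split(None, 2)
    keytype, b64, comment = parts[0], parts[1], parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    # The blob embeds a length-prefixed type string; it must match the declared type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != keytype.encode():
        raise ValueError(f"key blob type does not match {keytype}")
    # Same SHA256 fingerprint that ssh-keygen -lf prints and sshd logs on "Accepted publickey".
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"options": options, "keytype": keytype, "fingerprint": fp,
            "comment": comment, "meta": parse_comment(comment)}

def parse_authorized_keys(text):
    return [entry for entry in map(parse_line, text.splitlines()) if entry]
```

Because the comment is free text that anyone who can write the file controls, treat the decoded fields as hints for contacting the owner, not as an authorization decision; the fingerprint is the reliable join key between the file and the auth log.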