The repo was clean. The servers weren’t. SSH keys from long-gone developers still lingered in authorized_keys files like ghosts no one wanted to admit were there.
Manual offboarding fails because it depends on people remembering to follow every step, every time. One missed command, one unchecked server, and an ex-contractor still has a live shell on production. That risk is silent until it isn’t.
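The drift described above can be measured directly. The following is an added example, not code from the original post or from any product it mentions: it compares collected authorized_keys contents against a roster of active users' key fingerprints. The host name, file path, roster format and key blobs are constructed assumptions.

```python
import base64
import hashlib
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # OpenSSH public key type names
# A field may contain quoted spaces, e.g. command="a b",no-pty
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])+')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """None for blank/comment lines, else (fingerprint, comment).
    The fingerprint is None when the line cannot be parsed."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = FIELD.findall(line)
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_PREFIXES):
            try:
                return fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
            except ValueError:  # malformed base64: report it, do not skip it
                break
    return None, line

def audit(files, active):
    """files: {(host, path): text}; active: {fingerprint: user}.
    Returns (host, path, line_no, fingerprint, comment) for keys not in the roster."""
    return [(host, path, n, *parsed)
            for (host, path), text in files.items()
            for n, line in enumerate(text.splitlines(), 1)
            if (parsed := parse_line(line)) and parsed[0] not in active]

# Constructed sample: fake key blobs, hypothetical host and path.
ALICE = base64.b64encode(b"constructed-key-1").decode()
FORMER = base64.b64encode(b"constructed-key-2").decode()
ACTIVE = {fingerprint(ALICE): "alice"}  # roster exported from the directory (assumed)
FILES = {("web-01", "/home/deploy/.ssh/authorized_keys"):
         f"ssh-ed25519 {ALICE} alice@laptop\n"
         f'command="/usr/bin/backup run",no-pty ssh-rsa {FORMER} alice@laptop\n'}

if __name__ == "__main__":
    for finding in audit(FILES, ACTIVE):
        print("stale or unknown key:", finding)
```

Matching is done on the key fingerprint because the trailing comment is free text: the second sample line carries an active user's comment but a key the roster does not know.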
Developer offboarding automation removes the human gap. Instead of running down spreadsheets and wikis, you wire access control into your SSH access proxy. Users log in through the proxy, their identity tied to a central directory or SSO. When you remove them from the directory, their SSH access ends instantly. No waiting. No drift.
A well-implemented SSH access proxy does more than secure offboarding. It enforces ephemeral access with short-lived certificates. That means there are no lingering keys, no unmanaged credentials spread across dozens of hosts. Every session is logged and tied to a human ID, creating clear audit trails. You can trace every command back to the exact person, even after they’ve left the team.
The automation runs deep. Deleting an account in your identity provider removes the role in the proxy. The proxy denies future logins and kills active sessions in seconds. There is no manual terminal work. No searching for scattered access files. It’s one operation to revoke, one source of authority to update.
This is the way to stop SSH key sprawl before it starts. It shifts the work from people to systems, ensuring that offboarding is complete, consistent, and fast.
You can see this in action today. hoop.dev gives you developer offboarding automation with an SSH access proxy built in. You can set it up in minutes and watch accounts revoke in real time. No drift. No shadow access. Just clean offboarding every time.