Am I right in thinking that if I later wish to rotate SSH/GPG derived keys I’ve used from my OnlyKey I have to completely reset it? From what I understand the random key from which the SSH/GPG keys are derived is generated once at setup and cannot be altered afterward?
No you would not need to reset device. You could either use a different email to generate a different key or if you must keep the same email you could use a different timestamp which will also generate a different key like this - OnlyKey SSH/GPG agent | Docs
If you want more control over keys you could also use stored keys - OnlyKey SSH/GPG agent | Docs
Thanks - does using different timestamps apply to GPG only though? I could not see an option to specify timestamp with
onlykey-agent for SSH.
Yes, for ssh you could just pass whatever identity you want to use like this:
$ onlykey-agent identity -- ssh user@server