Bitbucket Pipelines: how to configure ssh agent for deployment on a remote server

Here is the workflow that I want to achieve:

  • commit code
  • test run through the Bitbucket pipeline on my public Docker image
  • The Bitbucket pipeline runs an accessible script to deploy on my public Docker image

The first 2 steps work fine, but here's the problem: how and where should I store private keys in order to allow ssh to a remote server through an ssh agent?

I am a little reluctant to keep the private key in the env variables of the Pipeline settings, since everyone else has administrator access to the repo and can see it.

A similar question is asked here, but the answer suggests installing the keys on the docker and using a private repo, which is slightly different from mine.

+5
2 answers

Now you can configure SSH keys in the pipeline settings so that you do not need to use environment variables and copy them to specific places in the container. The private key is not displayed at all.

Under Settings -> Pipelines -> SSH keys

You will need to open the public key in the known_hosts file.

+2

I created a similar process and used Pipelines environment variables; there is a checkbox to protect the value, so you do not need to worry about others viewing it.

The setup is pretty simple:

  • Base64-encode a private key and store it in an environment variable in Bitbucket
  • Commit the my_known_hosts file to your codebase, which includes the public SSH key of the remote host.

Then, in the bitbucket-pipelines.yml file, set the known_hosts and key:

    - mkdir -p ~/.ssh
    - cat my_known_hosts >> ~/.ssh/known_hosts
    - (umask 077 ; echo $MY_SSH_KEY | base64 --decode > ~/.ssh/id_rsa)

Full documentation is available here: https://confluence.atlassian.com/bitbucket/access-remote-hosts-via-ssh-847452940.html

0
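
A hardened form of the three pipeline commands in the answer above, added here as an example and not code from the answer or from Atlassian. It keeps the page's `MY_SSH_KEY` and `my_known_hosts` names; `SSH_DIR`, `setup_deploy_ssh` and `deploy_ssh` are hypothetical names introduced for the example.

```shell
#!/bin/sh
# Added example. MY_SSH_KEY and my_known_hosts are the names used in the answer;
# SSH_DIR, setup_deploy_ssh and deploy_ssh are hypothetical names.

setup_deploy_ssh() {
    ssh_dir=${SSH_DIR:-$HOME/.ssh}
    known_hosts_src=${1:-my_known_hosts}

    # Fail loudly instead of installing an empty key or trusting no host at all.
    if [ -z "${MY_SSH_KEY:-}" ]; then
        echo "MY_SSH_KEY is not set" >&2
        return 1
    fi
    if [ ! -s "$known_hosts_src" ]; then
        echo "$known_hosts_src is missing or empty" >&2
        return 1
    fi

    (
        umask 077                      # files are created 0600, dirs 0700
        mkdir -p "$ssh_dir" || exit 1
        # Decode to a temporary file so a bad value never leaves a partial key.
        # printf avoids echo's option/backslash handling and word splitting.
        if ! printf '%s' "$MY_SSH_KEY" | base64 --decode > "$ssh_dir/id_rsa.tmp" ||
           [ ! -s "$ssh_dir/id_rsa.tmp" ]; then
            rm -f "$ssh_dir/id_rsa.tmp"
            echo "MY_SSH_KEY did not decode to a key" >&2
            exit 1
        fi
        mv -f "$ssh_dir/id_rsa.tmp" "$ssh_dir/id_rsa"
        cat "$known_hosts_src" >> "$ssh_dir/known_hosts"
    ) || return 1

    # Tighten modes even if the directory or files already existed.
    chmod 700 "$ssh_dir" && chmod 600 "$ssh_dir/id_rsa" "$ssh_dir/known_hosts"
}

# Run ssh with host-key checking enforced and only the deployment key offered.
deploy_ssh() {
    ssh_dir=${SSH_DIR:-$HOME/.ssh}
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes \
        -o UserKnownHostsFile="$ssh_dir/known_hosts" -i "$ssh_dir/id_rsa" "$@"
}
```

In a pipeline step, call `setup_deploy_ssh my_known_hosts` once, then `deploy_ssh user@host command`; an unknown or changed host key makes the step fail instead of prompting.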

Source: https://habr.com/ru/post/1257712/

