Introducing the way to use an encrypted ssh-key with new variable SSH_PASSPHRASE. (!21) · Merge requests · GitLab-examples / ssh-private-key

Bas Meijer requested to merge bbaassssiiee/ssh-private-key:security/encrypted-key into master Apr 23, 2021

This pull-request adds functionality to .gitlab-ci.yml that allows the use of an encrypted ssh-key. You need to create a variable SSH_PASSPHRASE, which is used when adding the private key to ssh-agent.

The ENVIRONMENT section of the manual page of ssh-add explains how ssh-add can be scripted. This is done using 2 variables which are set in the before_script: section. Setting DISPLAY=None drops the need for X11. SSH_ASKPASS is an executable called by ssh-add when it is instructed to read from stdin.

Therefore SSH_ASKPASS is a simple shell script that simply prints the value of the variable SSH_PASSPHRASE to stdout, so we can pipe it into ssh-add.

The pipeline in this project seems to have a config issue, my fork runs fine:

https://gitlab.com/bbaassssiiee/ssh-private-key/-/jobs/1207216682

Fix for #20 and #7.

Edited Apr 23, 2021 by Bas Meijer

Introducing the way to use an encrypted ssh-key with new variable SSH_PASSPHRASE.

Merge request reports