Hello,
is there a way to pass SSH key using drone exec without passing it through --env-file? I was unable to manage it using --secret-file
Thank you
I was unable to manage it using
--secret-file
Both --env-file and --secret-file use the same underlying implementation so lets try to get the --secret-file working. I am aware of others that have used ssh keys in their secret file without issue, which means you probably just need some help with the secret file or your yaml. If you can provide more details (sample of your yaml, secret file, and command you use to run drone exec) I am sure we can help you.
Hello Brad,
thank you for your answer. It looks that I asked in a wrong way. I am not able to pass SSH key (or file in general) even through --env-file.
.drone.yml can be very simple:
kind: pipeline
name: default
steps:
- name: test
image: alpine
commands:
- echo "$$PLUGIN_ID_RSA" | md5sum
settings:
id_rsa:
from_secret: id_rsa
secrets file1 .drone-secrets:
id_rsa='-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA04up8hoqzS1+APIB0RhjXyObwHQnOzhAk5Bd7mhkSbPkyhP1
...
iWlX9HNavcydATJc1f0DpzF0u4zY8PY24RVoW8vk+bJANPp1o2IAkeajCaF3w9nf
q/SyqAWVmvwYuIhDiHDaV2A==
-----END RSA PRIVATE KEY-----'
executed command:
drone exec --secret-file=.drone-secrets .drone.yml
secrets file2 .drone-secrets:
id_rsa=@/home/me/.ssh/id_rsa
executed command:
drone exec --secret-file=.drone-secrets .drone.yml
The only way that works is PLUGIN_ID_RSA=$(cat /home/me/.ssh/id_rsa) drone exec
done cli version 1.1.0
Here is a working example:
command:
drone exec --secret-file=secrets.yml
configuration:
kind: pipeline
name: default
steps:
- name: test
image: alpine:3.8
environment:
SSH_KEY:
from_secret: ssh_key
commands:
- echo "$SSH_KEY"
secrets:
ssh_key="-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA04up8hoqzS1+APIB0RhjXyObwHQnOzhAk5Bd7mhkSbPkyhP1\n..."
2 Likes