Drone

SSH key as a secret using CLI

Hello,

Is there a way to pass an SSH key using drone exec without passing it through --env-file? I was unable to manage it using --secret-file.

Thank you

> I was unable to manage it using --secret-file

Both --env-file and --secret-file use the same underlying implementation, so let's try to get the --secret-file working. I am aware of others that have used SSH keys in their secret file without issue, which means you probably just need some help with the secret file or your yaml. If you can provide more details (sample of your yaml, secret file, and command you use to run drone exec) I am sure we can help you.

Hello Brad,

Thank you for your answer. It looks like I asked in the wrong way. I am not able to pass an SSH key (or a file in general) even through --env-file.

.drone.yml can be very simple:

kind: pipeline
name: default

steps:
- name: test
  image: alpine
  commands:
    - echo "$$PLUGIN_ID_RSA" | md5sum
  settings:
    id_rsa:
      from_secret: id_rsa

secrets file1 .drone-secrets:

id_rsa='-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA04up8hoqzS1+APIB0RhjXyObwHQnOzhAk5Bd7mhkSbPkyhP1
...
iWlX9HNavcydATJc1f0DpzF0u4zY8PY24RVoW8vk+bJANPp1o2IAkeajCaF3w9nf
q/SyqAWVmvwYuIhDiHDaV2A==
-----END RSA PRIVATE KEY-----'

executed command:
drone exec --secret-file=.drone-secrets .drone.yml

secrets file2 .drone-secrets:
id_rsa=@/home/me/.ssh/id_rsa

executed command:
drone exec --secret-file=.drone-secrets .drone.yml

The only way that works is PLUGIN_ID_RSA=$(cat /home/me/.ssh/id_rsa) drone exec

drone CLI version 1.1.0

Here is a working example:

command:

drone exec --secret-file=secrets.yml

configuration:

kind: pipeline
name: default
steps:
- name: test
  image: alpine:3.8
  environment:
    SSH_KEY:
      from_secret: ssh_key
  commands:
  - echo "$SSH_KEY"

secrets:

ssh_key="-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA04up8hoqzS1+APIB0RhjXyObwHQnOzhAk5Bd7mhkSbPkyhP1\n..."
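The working example above keeps the whole key on one double-quoted line with `\n` escapes. As an added example (not from the thread or the Drone project), this POSIX shell helper builds that line from a key file, writes it with owner-only permissions, and checks that it decodes back to the original key; the function names and file paths are assumptions.

```shell
#!/bin/sh
# Added example: convert a PEM private key into the single-line,
# \n-escaped form shown in the working secrets file above.
# Function names and paths are hypothetical, not part of drone.

# pem_to_secret_line NAME KEYFILE
# Prints: NAME="<key with each newline replaced by a literal \n>"
pem_to_secret_line() {
    name=$1
    keyfile=$2
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    # Strip a trailing CR (CRLF files), then join the lines with the
    # two characters backslash + n instead of real newlines.
    escaped=$(awk '{ sub(/\r$/, ""); printf "%s\\n", $0 }' "$keyfile")
    printf '%s="%s"\n' "$name" "$escaped"
}

# write_secret_file NAME KEYFILE OUTFILE
# Writes the line to OUTFILE; umask 077 makes the file owner-only (0600).
write_secret_file() {
    ( umask 077; pem_to_secret_line "$1" "$2" > "$3" )
}

# verify_secret_line NAME KEYFILE SECRETFILE
# Decodes the stored value and compares it byte-for-byte with KEYFILE.
# Returns 0 on a match (an LF-terminated key file is assumed).
verify_secret_line() {
    value=$(sed -n "s/^$1=\"\(.*\)\"\$/\1/p" "$3")
    [ -n "$value" ] || return 1
    printf '%b' "$value" | cmp -s - "$2"
}

# Usage (placeholder paths):
#   write_secret_file ssh_key /path/to/id_rsa secrets.env
#   verify_secret_line ssh_key /path/to/id_rsa secrets.env
#   drone exec --secret-file=secrets.env
```

Keep the generated secrets file out of version control and delete it once the local run is finished.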