SSH Private Key Buildpack

Purpose of This Buildpack

You might need to specify an SSH private key in the Build Environment of your application (the environment used when your application’s container is being built). The SSH private key buildpack lets you specify such key.

This buildpack is especially useful when your application needs to access a private gem or a private npm module. It makes the SSH key available during the build phase. The SSH key will not be available during the execution phase.

Set up This Buildpack for Your Application

This buildpack is designed to be used in conjunction with one or more additional buildpacks, thanks to the multi buildpack.

For instance, when creating a new Ruby app on Scalingo:

$ scalingo create my-app

$ cat << EOF > .buildpacks
https://github.com/Scalingo/ssh-private-key-buildpack.git
https://github.com/Scalingo/ruby-buildpack.git
EOF

The above commands configure your application to use the multi buildpack, and define the .buildpacks file. This file configures the different buildpacks to apply. In this example, we configure the SSH private key and the Ruby buildpack.

Configuration

Once the buildpack is configured for your app, set the environment variable SSH_KEY to include your private key in your app:

$ scalingo --app my-app env-set SSH_KEY="$(cat /path/to/your/keys/id_ed25519 | base64)"

By default, the buildpack adds GitHub to the known_hosts file. However, you can configure your app to allow other hosts. You need to set SSH_HOSTS for you application with a comma-separated list of hosts, e.g. git@github.com,git@gitlab.com.

Output

At the next deployment, the SSH private key buildpack will setup the private key and the list of known hosts:

=====> Downloading Buildpack: https://github.com/Scalingo/ssh-private-key-buildpack.git
=====> Detected Framework: SSH private key
-----> Running SSH private key setup
       Warning: Permanently added 'github.com,gitlab.com' (ECDSA) to the list of known hosts.
       Welcome to GitLab, Étienne Michon!

Common Error

The output of the deployment might end with an error:

=====> Downloading Buildpack: https://github.com/Scalingo/ssh-private-key-buildpack.git
=====> Detected Framework: SSH private key
-----> Running SSH private key setup
       Warning: Permanently added 'github.com,gitlab.com' (ECDSA) to the list of known hosts.
       Permission denied (publickey).

In such case, you need to add your public key to the remote service you want to access (e.g. GitHub or GitLab).

SSH Key Management Strategy

Because the buildpack cannot input a password, the SSH key must be provided unencrypted. Thus, our advice to fetch private GitHub/GitLab repository is to setup a Deploy Key, unencrypted and read-only for target repositories you want to fetch.


Suggest edits

SSH Private Key Buildpack

©2024 Scalingo