SSH Private Key Buildpack
Purpose of This Buildpack
You might need to specify a SSH private key in the Build Environment of your application (the environment used when your application’s container is being built). The SSH private key buildpack lets you specify such key.
This buildpack is especially useful when your application needs to access a private gem or a private npm module. It makes the SSH key available during the build phase. The SSH key will not be available during the execution phase.
Set up This Buildpack for Your Application
This buildpack is designed to be used in conjunction with one or more additional buildpacks, thanks to the multi buildpack.
For instance, when creating a new Ruby app on Scalingo:
$ scalingo create my-app $ cat << EOF > .buildpacks https://github.com/Scalingo/ssh-private-key-buildpack.git https://github.com/Scalingo/ruby-buildpack.git EOF
The above commands configure your application to use the multi buildpack, and
.buildpacks file. This file configures the different buildpacks to
apply. In this example, we configure the SSH private key and the Ruby
Once the buildpack is configured for your app, set the environment variable
SSH_KEY to include your private key in your app:
$ scalingo --app my-app env-set SSH_KEY="$(cat /path/to/your/keys/id_ed25519 | base64)"
By default the buildpack adds GitHub to the
known_hosts file. However you can
configure your app to allow other hosts. You need to set
you application with a comma-separated list of hosts, e.g.
At the next deployment, the SSH private key buildpack will setup the private key and the list of known hosts:
=====> Downloading Buildpack: https://github.com/Scalingo/ssh-private-key-buildpack.git =====> Detected Framework: SSH private key -----> Running SSH private key setup Warning: Permanently added 'github.com,gitlab.com' (ECDSA) to the list of known hosts. Welcome to GitLab, Étienne Michon!
The output of the deployment might end with an error:
=====> Downloading Buildpack: https://github.com/Scalingo/ssh-private-key-buildpack.git =====> Detected Framework: SSH private key -----> Running SSH private key setup Warning: Permanently added 'github.com,gitlab.com' (ECDSA) to the list of known hosts. Permission denied (publickey).
In such case, you need to add your public key to the remote service you need to access (e.g. GitHub or GitLab).
SSH Key Management Strategy
Because the buildpack cannot input a password, the SSH key must be provided unencrypted. Thus our advice to fetch private GitHub/GitLab repository is to setup a Deploy Key, unencrypted and read-only for target repositories you want to fetch.