Hello,
I am trying to use Bitbucket Pipelines beta.
To build my repository, I need to build another repository from Bitbucket.
So I configured an SSH key, but when I run git clone, it asks me for a passphrase for the key and blocks the automatic process.
Is there a way to get past this step without a passphrase, or to provide the passphrase in some way?
To illustrate, here is my bitbucket-pipelines.yml file:
# You can use a Docker image from Docker Hub or your own container
# registry for your build environment.
image: maven:3.3.3

pipelines:
  default:
    - step:
        script:
          # Modify the commands below to build your repository.
          - mkdir ~/.ssh
          - echo $SSH_KEY > ~/.ssh/id_rsa.tmp
          # note: assumes base64 encoded ssh key without a passphrase
          - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
          - chmod 600 ~/.ssh/id_rsa
          - base64 ~/.ssh/id_rsa
          - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config
          - mvn --version
          - mkdir temp
          - cd temp
          - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
          - cd dingorock-helpers
          - mvn clean install
          - cd ..
          - cd ..
          - mvn clean install
Thanks in advance,
Seb
You can remove the passphrase from the key (more info here), or you can create a new SSH key without a passphrase.
Thank you, it's working.
But eventually, I don't understand how to have my private key in $SSH_KEY.
So:
and do the following in the bitbucket-pipelines.yml:
image: maven:3.3.3

pipelines:
  default:
    - step:
        script:
          # Modify the commands below to build your repository.
          - mkdir ~/.ssh
          - cp bitbucket_pipelines_rsa ~/.ssh/id_rsa
          - chmod 600 ~/.ssh/id_rsa
          - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config
          - mvn --version
          - mkdir temp
          - cd temp
          - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
          - cd dingorock-helpers
          - mvn clean install -DskipTests
          - cd ..
          - cd ..
          - mvn clean install
Thanks a lot for your answer.
Seb
I would highly advise against storing your private key as part of your repository, for security reasons.
I think I know what was going wrong for you (I also had to battle this for a while).
Firstly, delete the SSH key-pair you are using now. It's in your repo's Git history and can no longer be considered secure.
The issue I think you were having initially was that the SSH_KEY environment variable cannot be the plain text version of your id_rsa file. You need to encode it first in base64.
$ base64 ~/.ssh/id_rsa
You can see a full step-by-step guide here: https://answers.atlassian.com/questions/39243415
Let me know if you get stuck. You shouldn't have to have your secrets stored in your Git repository.
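The decode step described in the answer above, as an added example that is not code from the thread: it writes the key from `$SSH_KEY` under a restrictive umask and fails the build if the value is malformed or the key still has a passphrase, instead of blocking on a prompt. The function names and the destination argument are assumptions, and `ssh-keygen` is assumed to be present on the build image.

```shell
#!/bin/sh
# Added example, not from the thread. SSH_KEY is the variable name used in
# the posts above; the function names and path argument are assumptions.
#
# Encode once on your workstation (GNU base64; -w 0 keeps it on one line),
# then paste the output into the repository's environment variables:
#   base64 -w 0 < ~/.ssh/id_rsa

# Decode the base64 value of $SSH_KEY into the file $1.
# Returns non-zero and leaves no file behind if the variable is empty,
# is not valid base64, or does not decode to a private key.
install_ssh_key() {
    dest=$1
    [ -n "${SSH_KEY:-}" ] || { echo "SSH_KEY is not set" >&2; return 1; }
    mkdir -p "$(dirname "$dest")" || return 1
    # umask in a subshell: the file is created 0600, never world-readable.
    if ! (umask 077 && printf '%s' "$SSH_KEY" | base64 -d > "$dest") 2>/dev/null; then
        rm -f "$dest"
        echo "SSH_KEY is not valid base64 (was the raw key pasted?)" >&2
        return 1
    fi
    if ! head -n 1 "$dest" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
        rm -f "$dest"
        echo "SSH_KEY does not decode to a private key" >&2
        return 1
    fi
}

# Succeeds only if the key at $1 loads with an empty passphrase.
# -P '' supplies the passphrase on the command line, so ssh-keygen never
# prompts: an encrypted key fails here instead of hanging git clone.
key_has_no_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# In the pipeline script, before any git clone:
#   install_ssh_key ~/.ssh/id_rsa && key_has_no_passphrase ~/.ssh/id_rsa || exit 1
```

Neither function echoes the key or its encoding, so nothing secret reaches the build log.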
Oh! Thanks for that. I didn't understand how to set up an environment variable. This is why I put the SSH key in my repo. And I know, it's bad!
So now I have just figured out how to add an environment variable via the Pipelines settings of my repo, so I will be able to delete the key from it and use the base64 encoding.
Thanks a lot for your tips and provided links.
You can find information on environment variables here: https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines
Specifically, you'll want to read the "User-defined repository variables" section. To quote the part you're probably looking for:
You can add, edit, and remove variables directly in the Bitbucket Pipelines settings which you can find in your repository under Settings > Bitbucket Pipelines > Environment variables.
Hope that helps.