git clone and SSH key passphrase

Hello, 

I am trying to use the Bitbucket Pipelines beta.

To build my repository, I need to build another repository from Bitbucket.

So I configured an SSH key, but when I run git clone, it asks me for a passphrase for the key and blocks the automated process.

Is there a way to get past this step without a passphrase, or by providing the passphrase in some way?

To illustrate, here is my bitbucket-pipelines.yml file:

 

# You can use a Docker image from Docker Hub or your own container
# registry for your build environment.
image: maven:3.3.3
pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
            - mkdir ~/.ssh
            - echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
            - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
            - chmod 600 ~/.ssh/id_rsa
            - base64 ~/.ssh/id_rsa
            - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config
            - mvn --version
            - mkdir temp
            - cd temp
            - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
            - cd dingorock-helpers
            - mvn clean install
            - cd ..
            - cd ..
            - mvn clean install

 

Thanks in advance,

Seb

2 answers

You can remove the passphrase of the key (more info here), or you can create a new SSH key without a passphrase.

I've tried removing the passphrase and creating a key without a passphrase and it still prompts you for a passphrase.

Thank you, it's working.

But eventually, I don't understand how to have my private key in $SSH_KEY.

So:

  • I created a new SSH Key without passphrase
  • I added the private key in my git repository
  • I added the public key in my Bitbucket deployment key repository configuration

and did the following in bitbucket-pipelines.yml:

 

image: maven:3.3.3
pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
            - mkdir ~/.ssh
            - cp bitbucket_pipelines_rsa ~/.ssh/id_rsa
            - chmod 600 ~/.ssh/id_rsa
            - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config
            - mvn --version
            - mkdir temp
            - cd temp
            - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
            - cd dingorock-helpers
            - mvn clean install -DskipTests
            - cd ..
            - cd ..
            - mvn clean install

 

Thanks a lot for your answer.

Seb

I would highly advise against storing your private key as part of your repository, for security reasons.

I think I know what was going wrong for you (I also had to battle this for a while).

Firstly, delete the SSH key-pair you are using now. It's in your repo's Git history and is no longer able to be considered secure.

The issue I think you were having initially was that the SSH_KEY environment variable cannot be the plain text version of your id_rsa file. You need to encode it first in base64.

$ base64 ~/.ssh/id_rsa

You can see a full step-by-step guide here: https://answers.atlassian.com/questions/39243415

Let me know if you get stuck; you shouldn't have to have your secrets stored in your Git repository.

Oh! Thanks for that, I didn't understand how to set up an environment variable. This is why I put the SSH key in my repo. And I know, it's bad!

So now, I just figured out how I can add an environment variable via the pipeline settings of my repo, so I will be able to delete the key from it and use the base64 encoding.

 

Thanks a lot for your tips and provided links.

You can find information on environment variables here: https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines

Specifically, you'll want to read the "User-defined repository variables" section. To quote the part you're probably looking for:

You can add, edit, and remove variables directly in the Bitbucket Pipelines settings which you can find in your repository under Settings > Bitbucket Pipelines > Environment variables

Hope that helps.
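
As an added example (not code from this thread), a shell helper for the approach the answers recommend: it decodes the key from the base64 pipeline variable, rejects a damaged or passphrase-protected key before ssh can prompt, and sets BatchMode so ssh fails instead of waiting for input. The function names and return codes are assumptions of this example.

```shell
# Added example, not from the thread. Return codes are this example's own:
#   0 = key installed, 2 = value is not base64 of a private key file,
#   3 = key is passphrase-protected (ssh would prompt and stall the build).

# key_is_encrypted FILE: succeeds if the private key needs a passphrase.
key_is_encrypted() {
    # Legacy PEM flags encryption in a header line, PKCS#8 in the BEGIN line.
    grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1" \
        && return 0
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        # openssh-key-v1 body: 15-byte magic, 4-byte length, cipher name.
        # An unencrypted key carries the cipher name "none" at bytes 20-23.
        cipher=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
                 tail -c +20 | head -c 4)
        [ "$cipher" != "none" ] && return 0
    fi
    return 1
}

# install_ssh_key B64 DIR: decode the key held in a pipeline variable into DIR.
install_ssh_key() {
    b64=$1
    dir=$2
    key="$dir/id_rsa"
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    # Quote the value: an unquoted $SSH_KEY is word-split by the shell.
    ( umask 077; printf '%s' "$b64" | base64 -d > "$key" 2>/dev/null ) ||
        { rm -f "$key"; return 2; }
    # The decoded file must open with a PEM BEGIN line; otherwise the
    # variable held plain or damaged text rather than base64 of the key.
    head -n 1 "$key" | grep -q '^-----BEGIN .*PRIVATE KEY-----' ||
        { rm -f "$key"; return 2; }
    if key_is_encrypted "$key"; then
        rm -f "$key"
        return 3
    fi
    # BatchMode makes ssh exit with an error instead of waiting at a prompt.
    printf 'Host bitbucket.org\n  IdentityFile %s\n  BatchMode yes\n' "$key" \
        > "$dir/config"
}
```

In the pipeline script this would be called as `install_ssh_key "$SSH_KEY" ~/.ssh` before the `git clone` step, with a non-zero return stopping the build.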
