Allow passing Git SSH key as an environment variable #333
Comments
Linking a relevant PR here: #174

For now, in the case of both Docker, the best approach is probably to write the key to a path on-disk and bind-mount it into the container. For VMs, it would be a similar process except the SSH key would have to be embedded in the VM's startup metadata. These are both probably involved enough to need their own example templates.
@phorcys420 How about adding
I think this isn't great because it requires an additional step in the Terraform template. In this case they use the user's SSH key, which means storing each user's key then mounting it.
I think this is a fine workaround given that even if we don't like storing secrets in environment variables, the Coder agent token is stored in the env and allows getting the private key, so no downgrade in terms of security. I agree, the file option should stay too.
Following up on a Discord conversation where a user tries to clone a Git repository via SSH and is met with the following error:
This makes sense because the Coder user's SSH key was never added to the workspace.
While there is a workaround, it's really not great. How can we make this better?
With k8s the issue is not that bad since you can just define a secret from the key and pass that secret as a file to the container, but what about Docker and VMs?
Workaround
Downloading the key to some temporary path (via an entrypoint script, since envbox runs before the agent) (or via the TF provider's `coder_workspace_owner.ssh_*` instead of using a script).

Then passing the key's path to `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH`.
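One way to script the workaround described in the issue above, shown as an added example that is not part of the original thread or the project's own code: an entrypoint wrapper that takes the key from an environment variable, writes it to a file only the owner can read, and passes the path on through `ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH`. The variable names `GIT_SSH_KEY` and `GIT_SSH_KEY_DIR` and the default directory are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not code from the envbuilder project.
# Assumptions: GIT_SSH_KEY (hypothetical variable holding the private key text)
# and GIT_SSH_KEY_DIR (hypothetical, defaults to a constructed path below).

# Write key material to a 0600 file in a 0700 directory and print the path.
# The body runs in a subshell so the umask change does not leak to the caller.
write_git_ssh_key() (
    key_material=$1
    dest_dir=$2

    # Refuse input that is not a PEM/OpenSSH private key (for example a public
    # key pasted by mistake) before touching the filesystem.
    case $key_material in
        *"PRIVATE KEY-----"*) ;;
        *) echo "write_git_ssh_key: input is not a private key" >&2; return 1 ;;
    esac

    umask 077                              # new files 0600, new dirs 0700
    mkdir -p "$dest_dir" || return 1
    chmod 700 "$dest_dir" || return 1      # tighten a pre-existing directory
    key_path=$dest_dir/id_git
    # printf is a shell builtin, so the key never appears in a process argv.
    printf '%s\n' "$key_material" > "$key_path" || return 1
    chmod 600 "$key_path" || return 1      # tighten a pre-existing file
    printf '%s\n' "$key_path"
)

# Entrypoint behaviour: only acts when the variable is present.
if [ -n "${GIT_SSH_KEY:-}" ]; then
    ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH=$(
        write_git_ssh_key "$GIT_SSH_KEY" "${GIT_SSH_KEY_DIR:-/run/git-ssh}"
    ) || exit 1
    export ENVBUILDER_GIT_SSH_PRIVATE_KEY_PATH
    unset GIT_SSH_KEY                      # do not hand the raw key to child processes
    if [ "$#" -gt 0 ]; then
        exec "$@"                          # the real entrypoint and its arguments
    fi
fi
```

Pointing the key directory at a tmpfs mount keeps the key off persistent disk; the wrapper is invoked with the real entrypoint command as its arguments.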