Skip to content

Manage SSH authorized keys from GitHub with GitHub Actions

License

Notifications You must be signed in to change notification settings

dhsathiya/action-ssh-keys

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Manage SSH Keys - GitHub Action

Manage SSH authorized keys from GitHub with GitHub Actions.

This action will

  1. Fetch public key from GitHub username e.g. https://github.com/dhsathiya.keys
  2. Add provided users in keys.csv to the respective remote machines.

Note: This action is still under development, but works. Check TODO for more details

Why?

I get bore when I have to add a user or check the SSH access for someone.

With this action I can centrally monitor who can access what!

Configuration

  1. create workflow directory and add yml file. .github/workflows/ssh_key.yml

    on:
      push:
        branches:
          - master
    
    name: Update SSH Keys
    jobs:
      Update-SSH-key:
        name: Update and sync files
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v2
          with:
            fetch-depth: 2
        - name: Update and sync files
          uses: dhsathiya/action-ssh-keys@master
          env:
            DEPLOY_KEY: ${{secrets.DEPLOY_KEY}}
  2. Create a GitHub secret named DEPLOY_KEY and add private key which will be used for rsync.

  3. Add the respective public key to the DEPLOY_KEY on all the machines on which you want to use this action.

  4. Create file default.key in the GitHub repository root and add the public key in it.

    • This step is necessary, so that the SSH key used by action gets whitelisted on every run.
    • Other reason is, you are using this action because you don't like manual stuff and you also won't like to add the step 3 key after every run. 😉
  5. Create keys.csv file.

    • Simple csv file, field separated with ,

keys.csv file format

user@hostname /path/to/authorized_keys
root@dev.sitename.tld /root/.ssh/authorized_keys user1 user2
www-data@prod.sitename.tld /var/www/.ssh/authorized_keys user1 user2 user3 user4

The action will by default ignore first line.

Example CSV File

TODO

  • Checks and filters for CSV file fields
  • Only run on diff
  • Fail checks
  • Feature: Direct SSH key support
  • Make action code as per best practices
  • Lighter Docker image
  • HashiCorp Vault Support
  • Publish Action
  • Slack Notification

License

MIT © 2020 Devarshi Sathiya

About

Manage SSH authorized keys from GitHub with GitHub Actions

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published