Support for SSH keys

[baurmatt]

Please support SSH keys additional to login credentials. This is especially helpful for Gitlab Enterprise installations where every user cost money.

Thanks in advance!

[w00fz]

I looked into supporting ssh keys but it is quite a bit more complicated than I anticipated.

The main problem is that executed git commands from PHP are not able to read the .ssh/config (IdentityFile). In order to do this it requires a good chunk of code to be rewritten, perhaps by tapping into symfony/process instead of using the exec method.

I am open for this but for a future version, not at this moment, sorry.

[fralau]

Could this help?

https://packagist.org/packages/pagemachine/authorized-keys

I guess however, that would require generating a key pair for the app, and storing it. This would also require encrypting the private key, with some secret password (but this should not be so different than storing an ordinary ssh password securely and retrieving it).

[w00fz]

Actually I did some extra digging and turns out i couldn’t get it working because my key had a passphrase. That’s what’s not supported as well as how I parse the urls.
With a no-password passphrase I will be able to add support for keys and I’m planning to do so. I did a quick testing on another project and works flawlessly!

I might not be able to add this on the next upcoming release but i will definitely look into adding support for it in the near future.

[OleVik]

I would second key-auth, or at least configuration that can live alongside or supersede the global git-config. I'm getting into the habit of signing all commits, and so the global setting forces me to sign every change that GitSync captures -- which fails with a gpg: AllowSetForegroundWindow(6216) failed: Access is denied. gpg: signing failed: Card error gpg: signing failed: Card error error: gpg failed to sign the data fatal: failed to write commit object.

[draeath]

I'd love to see this... we're trying to use Azure and personal access tokens have an enforced expiration date of no later than a year.

[ntopulos]

That would be great! Using GitHub's deploy keys is a much more secure approach than to give a plugin access to all our repositories. On some projects I couldn't use this plugin at all for that reason: giving the credentials of a real user is out of the question, and creating a dedicated user is not always possible.

Is this feature still under consideration/development? Is any help needed?

[w00fz]

Thanks for the feedbacks, this feature is definitely still under consideration and will be implemented for next release. I’m just very busy lately and can’t look at this right away.

Please note that my statement above still stand: this feature will support keys ONLY if they aren’t created with a passphrase. I just have no way of getting around that. 🙂

[ntopulos]

Happy to hear that! I understand, and to my knowledge SSH keys with passwords are unsupported by most of automation tools.

[w00fz]

Thought you guys would be happy to know I have added support for SSH Keys.

You can read more about it here: https://github.com/trilbymedia/grav-plugin-git-sync#ssh--enterprise

---

[baurmatt]

Awesome, thank you very much! :)