Reputation: 14783
How can I execute the salt state git.latest with password protected private key
I'm using salt to pull a git repo.
myrepo:
git.latest:
- rev: master
- target: home/myuser/myapp
- runas: myuser
I have added an id_rsa file into /home/myuser/.ssh/, including the private key to authenticate to github. If this private key is not password protected the above git.latest state works fine.
If the private key is password protected (as it should be) the above git.latest state fails with the error message "fatal: The remote end hung up unexpectedly". The reason that this state fails is that the system is asking for the private key password.
Now I'm wondering how I could tell my salt master to provide the password to the password protected private key. I think it should somehow work with a linux key chain util - or is there even some similar functionality build-in within saltstack?
Upvotes: 2
Views: 1365
Answers (1)
Reputation: 11217
I'd suggest that you use special key used only for that purpose. Github offers deploy keys for this very scenario: https://help.github.com/articles/managing-deploy-keys
They are easily set up and easily revoked.
Upvotes: 1
Related Questions
- How to send passphrase for ssh-add with GitHub Actions?
- Salt: Unpack a tar.gz from a private github repository release
- How to set root password using salt states
- How to push to own github gist with password, without TFA?
- How to automate the git pull operation from a private repository using saltstack?
- How to use gitfs remote with SaltStack?
- Saltstack gitfs - how to retrieve git commit hash?
- gitlab push via ssh require password
- Python Saltstack: How can I manage a file which is in a git repo?
- Send passphrase with git push