the docs show how to set a file to a secret envvar http://readme.drone.io/0.5/secrets/
is there a convenient way to do the opposite? e.g. have this ssh key be available in .ssh/id_rsa with all the correct permissions.
And by "convenient" I obviously mean without having to type mkdir, > or chmod
If you want to use an ssh key as part of your build, you can add the ssh key to the secret store using the following command:
    drone secrets add --image=<image> <repo> SSH_KEY @/path/to/.ssh/id_rsa

Note that the @ notation is similar to curl. The reason this feature exists is because creating the secret using cat (or some other sort of pipe) seems to cause a malformed file to upload.
Once the file is added, you can reference it in your YAML:
    pipeline:
      image: busybox
      environment:
        - SSH_KEY: ${SSH_KEY}
      commands:
        - mkdir /root/.ssh && echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa

Note that it is important to cat SSH_KEY inside quotes in order to preserve new lines.
You may also need to add the host to known_hosts in order to prevent host key issues; change bitbucket.org to whatever host you're pulling from in the following, and add it to commands (after the command shown above, to ensure that the /root/.ssh directory exists):

    ssh-keyscan -H bitbucket.org >> /root/.ssh/known_hosts

(You'll also need to install openssh-client or equivalent, if it's not already available in your build image.)
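
The steps in the answer above, collected into one shell function as an added example (not code from the thread or from Drone). The names install_ssh_key and mode_of are hypothetical, and the optional third argument is an assumption: a known_hosts line you supply yourself, appended in place of the ssh-keyscan output.

```shell
#!/bin/sh
# Added example: write a private key held in a variable to <dir>/id_rsa
# with owner-only permissions. Function names are hypothetical.

install_ssh_key() {
    # $1 = key material (e.g. "$SSH_KEY"), $2 = target .ssh directory,
    # $3 = optional known_hosts line (assumed to be supplied by you)
    key=$1
    dir=$2
    hostline=${3:-}
    [ -n "$key" ] || { echo "SSH key is empty" >&2; return 1; }
    (
        umask 077                        # new files 0600, new directories 0700
        mkdir -p "$dir" || exit 1
        chmod 0700 "$dir" || exit 1      # tighten a directory that already existed
        # The quoted expansion keeps every newline of the key; an unquoted
        # $key would be word-split and the key body joined onto one line.
        printf '%s\n' "$key" > "$dir/id_rsa" || exit 1
        chmod 0600 "$dir/id_rsa" || exit 1   # covers a pre-existing, wider-mode file
        if [ -n "$hostline" ]; then
            printf '%s\n' "$hostline" >> "$dir/known_hosts" || exit 1
        fi
    )
}

# Prints the permission string of a path, e.g. -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# In a build step this would be called as:
#   install_ssh_key "$SSH_KEY" /root/.ssh
```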
And by "convenient" I obviously mean without having to type mkdir, > or chmod
nope