drone.io

how to create a drone secret file?


the docs show how to set a file to a secret envvar http://readme.drone.io/0.5/secrets/

is there a convenient way to do the opposite? e.g. have this ssh key be available in .ssh/id_rsa with all the correct permissions.

And by "convienient" I obviously mean without having to type mkdir, > or chmod


Solution

  • If you want to use an ssh key as part of your build, you can add the ssh key to the secret store using the following command:

    drone secrets add --image=<image> <repo> SSH_KEY @/path/to/.ssh/id_rsa
    

    Note that the @ notation is similar to curl. The reason this feature exists is because creating the secret using cat (or some other sort of pipe) seems to cause a malformed file to upload.

    Once the file is added, you can reference in your Yaml:

    pipeline:
      image: busybox
      environment:
        - SSH_KEY: ${SSH_KEY}
      commands:
        - mkdir /root/.ssh && echo "$SSH_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
    

    Note that it is important to cat SSH_KEY inside quotes in order to preserve new lines.

    You may also need to add the host to known_hosts in order to prevent host key issues; change bitbucket.org to whatever host you're pulling from in the following, and add it to commands (after the command shown above, to ensure that the /root/.ssh directory exists):

    ssh-keyscan -H bitbucket.org >> /root/.ssh/known_hosts
    

    (You'll also need to install openssh-client or equivalent, if it's not already available in your build image.)

    And by "convienient" I obviously mean without having to type mkdir, > or chmod

    nope