spring-cloud-configazure-spring-cloud

Unable to get public/private key authentication working for Azure Spring Cloud Config Server


I am having difficulty setting up my Config Server in Azure Spring Cloud using a Github repo as backend. I have it working using basic authentication where I create a token in Github which is fine for my experiments but this is not suitable for production.

I have set up my public key in Github and tested whether my setup is correct by using the following command, in essence cloning the repo using a specific private key:

GIT_SSH_COMMAND='ssh -i ../azure_id_rsa -o IdentitiesOnly=yes' git clone git@github.my-account/azure-config-server.git

Locally this works just fine so this seems to confirm that my setup in Github is correct and using the private key I should be able to clone the repo in Azure you would think.

However, if I then follow the instructions as described here in the official Azure documentation to set up my config server using the GUI, I get the following error:

Failed to update Config Server.
Reason: Fail to update config server due to 'Health check timeout with 10 minutes'.

So I tried using the "Import settings" option by uploading a yaml file. I have used this Azure template where I then paste my private key using the "private-key" section (and yes, the casing for Azure needs to be like that, according to the Azure documentation they only support the properties using hyphens rather than camel casing) as described here in the Spring documentation

But I consistently get the same error so I would think that there is something wrong with my setup but my options are exhausted. If anyone has any pointers it would be much appreciated.


Solution

  • Ok, I figured it out, just posting my answer here in case it helps someone. I just noticed the one difference between my private key and the one mentioned in the Spring example. My private key started with "-----BEGIN OPENSSH PRIVATE KEY-----" whereas in the Spring documentation it starts with "-----BEGIN RSA PRIVATE KEY-----". In other words it expects it to be in the pem format rather than the OpenSSH format.

    So I now got it to work by generating my key as follows (where the noteworthy flag is the "-m pem"):

    ssh-keygen -t rsa -m pem -b 4096 -C "my@email.com"
    

    And then when I set up my public key in Github and pasted my private key in Azure Config Server it actually worked.

    Hope this helps save someone some time as it cost me quite some figuring out.