theo
May 18, 2021, 2:59am
1
Hello,
I use GitHub Actions, but my problem is global.
I try to write a private RSA key file, but I get “invalid format key”.
In the following way it works:
export SSH_KEY="-----BEGIN OPENSSH PRIVATE KEY----- #############################
-----END OPENSSH PRIVATE KEY-----
"
echo $SSH_KEY > id_rsa && chmod 600 id_rsa
ssh user@domain -i id_rsa
# connection success
I try similar approaches with Doppler
doppler secrets get SSH_KEY --plain > id_rsa && chmod 600 id_rsa
doppler run --command 'echo $SSH_KEY > id_rsa && chmod 600 id_rsa'
doppler run -- printenv SSH_KEY > id_rsa && chmod 600 id_rsa
I test it
ssh user@domain -i id_rsa
# Load key "id_rsa": invalid format
I also tried with the download method, but I get similar problems
If anyone has a solution I would appreciate help,
Thanks,
Hi Theo,
Thanks for reaching out! Could you verify that if you copy paste the value from the Doppler dashboard into the id_rsa that it works? Just want to make sure the value in Doppler is correctly formatted.
Cheers,
Ruud
theo
May 24, 2021, 8:55pm
3
Hello Ruud
Thanks for your feedback, I didn’t see the notification of your message.
The problem is really in the CLI, if I copy my SSH key from the web UI this way it works:
echo '[PASTED KEY HERE]' > id_rsa && chmod...
I think it comes from the way the line breaks are handled on several lines.
I’m not sure how to do this and I’d like to make sure that my only source of truth for all my environment variables is on Doppler
Best regards,
Théo,
Hey @theo ,
Thanks for reporting this. I’ve been able to reproduce something similar to what you’re seeing and we’re investigating the cause.
I’ll reply back once I know more and a short-term fix is to use the dos2unix utility to convert the line-endings in the id_rsa file.
theo
May 26, 2021, 11:21pm
7
Hi @ryan-blunden
Thanks for your suggestion, I tested this one, and it works fine on my local machine.
However testing the same with GitHub actions it does not work.
steps:
  - name: Checkout branch master
    uses: actions/checkout@master
  - name: Doppler - Install CLI
    uses: dopplerhq/cli-action@v1
  - name: Test ssh connect with key
    run: |
      doppler --version
      doppler run --command 'echo $SSH_KEY > id_rsa' --token ${{ secrets.DOPPLER_PREPROD }}
      sudo apt-get install dos2unix
      mkdir -p /home/runner/.ssh
      chmod 600 id_rsa
      ssh-keyscan domain.io >> ~/.ssh/known_hosts
      dos2unix id_rsa
      ssh ci@domain.io -i id_rsa 'ls'
The return of Github CI
dos2unix: converting file id_rsa to Unix format...
Warning: Permanently added the ECDSA host key for IP address '46.XX.XX.XX' to the list of known hosts.
Load key "id_rsa": invalid format
Permission denied, please try again.
Permission denied, please try again.
ci@domain.io: Permission denied (publickey,password).
Error: Process completed with exit code 255.
I have the impression that using an SSH key outside GitHub secrets is complicated with GitHub Actions.
Thanks for the additional testing @theo .
Could you replace doppler run --command 'echo $SSH_KEY > id_rsa' --token ${{ secrets.DOPPLER_PREPROD }}
with the following to see if that works?
doppler secrets get SSH_KEY --plain --token ${{ secrets.DOPPLER_PREPROD }} > id_rsa
Also, could you provide the code you’re using to create the SSH key so I can more accurately reproduce what you’re seeing?
theo
May 27, 2021, 3:29am
9
Thank you very much, it works
- name: Test CLI
  run: |
    doppler --version
    doppler secrets get SSH_KEY --plain --token ${{ secrets.DOPPLER_PREPROD }} > id_rsa
    sudo apt-get install dos2unix
    mkdir -p /home/runner/.ssh
    chmod 600 id_rsa
    ssh-keyscan domain.io >> ~/.ssh/known_hosts
    dos2unix id_rsa
    ssh ci@domain.io -i id_rsa 'ls'
This also works with the key_path on the appleboy/ssh-action@master module
- name: Deploy to server
  uses: appleboy/ssh-action@master
  with:
    host: domain.io
    username: ci
    key_path: ./id_rsa
    script_stop: true
    script: |
      ls
Awesome @theo and I’ll reply back once we’ve got a proper fix figured out.
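
Added example, not part of the thread and not Doppler's code: a shell helper that writes key text from stdin to a file created with mode 600, strips carriage returns (the job dos2unix does in the workaround above), and rejects input whose line breaks were collapsed onto one line. The name write_ssh_key and the sample key are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). write_ssh_key is a hypothetical helper.
# Usage in a workflow step, with the command the thread ended up using:
#   doppler secrets get SSH_KEY --plain --token ${{ secrets.DOPPLER_PREPROD }} | write_ssh_key id_rsa

# Reads key text on stdin and writes it to $1.
# Returns 0 on success, 1 on write failure, 2 if the text is not a multi-line PEM block.
write_ssh_key() {
    wsk_dest=$1
    wsk_tmp="$wsk_dest.tmp.$$"
    (
        umask 077                    # created as 0600, never briefly world-readable
        tr -d '\r' > "$wsk_tmp"      # CRLF -> LF, same effect as dos2unix
    ) || return 1

    # Command substitution drops a trailing newline, so a non-empty result
    # means the last byte is not "\n"; add the terminator in that case.
    if [ -n "$(tail -c 1 "$wsk_tmp")" ]; then
        printf '\n' >> "$wsk_tmp"
    fi

    wsk_lines=$(($(wc -l < "$wsk_tmp")))
    wsk_ok=1
    case $(head -n 1 "$wsk_tmp") in
        '-----BEGIN '*'PRIVATE KEY-----') ;;
        *) wsk_ok=0 ;;
    esac
    case $(tail -n 1 "$wsk_tmp") in
        '-----END '*'PRIVATE KEY-----') ;;
        *) wsk_ok=0 ;;
    esac
    # A key whose newlines were turned into spaces ends up on one line.
    [ "$wsk_lines" -ge 3 ] || wsk_ok=0

    if [ "$wsk_ok" -ne 1 ]; then
        rm -f "$wsk_tmp"
        return 2
    fi
    mv -f "$wsk_tmp" "$wsk_dest"
}

# Constructed sample with CRLF line endings; the body is a placeholder, not a key.
sample_key_crlf() {
    printf '%s\r\n' \
        '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'AAAAplaceholderNotARealKeyAAAA' \
        '-----END OPENSSH PRIVATE KEY-----'
}
```

Piping the secret straight into the helper keeps the key out of `echo` arguments and leaves no window in which the file exists with default permissions.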