Bitbucket Pipeline how to setup ssh agent to deploy on a remote server
You can now set up SSH keys under pipeline settings so that you do not need to use environment variables and copy to certain locations in the container. The private key is not shown at all.
Under Settings -> Pipelines -> SSH keys
You would need to get the public key to the production containers known_hosts file.
I have set up a similar process and used Pipelines environment variables; there is a checkbox to secure the value so you don't need to worry about others viewing it.
The setup is pretty easy:
- Base64 encode a private key and store it in an environment variable in Bitbucket
- Commit a "my_known_hosts" file to your codebase that includes the public SSH key of the remote host.
Then in your bitbucket-pipelines.yml file set up the known_hosts and key:
- mkdir -p ~/.ssh
- cat my_known_hosts >> ~/.ssh/known_hosts
- (umask 077 ; echo $MY_SSH_KEY | base64 --decode > ~/.ssh/id_rsa)
Full documentation is available here: https://confluence.atlassian.com/bitbucket/access-remote-hosts-via-ssh-847452940.html
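A hardened form of the three pipeline commands above, as an added example that is not part of the original answers: it fails the build when the secured variable is missing or does not decode to a private key, keeps everything owner-only, and pins host keys without duplicating them on re-runs. `MY_SSH_KEY` and `my_known_hosts` are the names from the answer; `install_deploy_key` and its two arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answers). install_deploy_key is a
# hypothetical helper; MY_SSH_KEY holds the base64-encoded private key.
install_deploy_key() {
    ssh_dir=$1       # normally "$HOME/.ssh"
    hosts_file=$2    # committed file with the remote host's public key

    # Fail closed if the secured variable is not exposed to this pipeline.
    if [ -z "${MY_SSH_KEY:-}" ]; then
        echo "MY_SSH_KEY is not set" >&2
        return 1
    fi
    if [ ! -s "$hosts_file" ]; then
        echo "known_hosts source $hosts_file is missing or empty" >&2
        return 1
    fi

    (
        # Everything created in this subshell is readable by the owner only.
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        tmp="$ssh_dir/id_rsa.tmp"
        printf '%s' "$MY_SSH_KEY" | base64 --decode > "$tmp" || { rm -f "$tmp"; exit 1; }

        # A truncated or wrong variable should stop the build here,
        # not surface later as a confusing ssh authentication failure.
        if ! head -n 1 "$tmp" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
            rm -f "$tmp"
            echo "decoded MY_SSH_KEY is not a private key" >&2
            exit 1
        fi
        mv "$tmp" "$ssh_dir/id_rsa"

        # Append only host entries that are not already pinned.
        touch "$ssh_dir/known_hosts"
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue
            grep -qxF -- "$line" "$ssh_dir/known_hosts" ||
                printf '%s\n' "$line" >> "$ssh_dir/known_hosts"
        done < "$hosts_file"
    )
}
```

In a pipeline step this would be called as `install_deploy_key "$HOME/.ssh" my_known_hosts`, followed by `ssh -o StrictHostKeyChecking=yes ...` so that a host key not present in the committed file aborts the deploy.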