Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the best way to provide a private SSH key in Azure DevOps Pipeline?

I am building an Azure DevOps pipleline using Terraform. The pipeline creates a Linux server and then logs into the Linux server to update packages and install Apache.

I am currently storing the private key in my BitBucket repo (I know, this is not best practice), which are then pulled down onto the build agent server and then I login to the new server with the following command:

ssh -f -q -o BatchMode=yes -o StrictHostKeyChecking=no -i ../private_key.pem ubuntu@$ip sudo apt update -y

What is the best way to store and then retrieve the private key within Azure DevOps?

like image 629
IHelpPeople Avatar asked Jun 07 '19 17:06

IHelpPeople


2 Answers

Two options I can think of:

1) Create an ssh service connection in azure DevOps. Reference the service connection in your pipeline. https://medium.com/@sibeeshvenu/ssh-deployment-task-in-azure-pipelines-b0e2923bd7b4

2) Store the SSH key as an Azure Key Vault secret and then download the secret using the Azure CLI during the build.

az keyvault secret download --name mysshkey --vault-name mykeyvault --file ~/.ssh/id_rsa

Authenticate the Azure CLI using a service principal, and supply the credentials to the pipeline using a variable group.

like image 70
tedsmitt Avatar answered Oct 03 '22 19:10

tedsmitt


I found that Azure DevOps provides you a feature to upload secret files are part of the build. You can see more information here:

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=azure-devops

like image 25
IHelpPeople Avatar answered Oct 03 '22 19:10

IHelpPeople