Home → Questions →

Deployment Keys support

• Edit

slav

26 Jun, 2014 03:13 PM

Is there a built in support for deployment keys to be able to checkout submodules and such from different repos (https://confluence.atlassian.com/display/BITBUCKET/Use+deployment+keys)?

Or do I need to use the script to work with deployment key?

1. Support Staff 1 Posted by Feodor Fitsner on 27 Jun, 2014 09:49 AM

   

   Fetching private repositories as sub-modules by SSH works for GitHub and it was successfully implemented by another customer. I believe the same approach could be applied to BitBucket too.

   First of all, you need to generate SSH key pair manually or in code.
   Then on "install" phase of the build, after the main git repo is fetch you can change the contents of SSH private key for appveyor user while preserving Unix-style new lines. The key is stored in c:\users\appveyor\.ssh\id_rsa.

   The following code can be used in YML to update SSH private key for fetching sub-module repositories:

   install: 
     - ps: $key = $env:gitkey #just the key contents, copied from notepad, into the environment variable on the UI 
     - ps: $fileContent = "-----BEGIN RSA PRIVATE KEY-----" + "`n" 
     - ps: for ($i = 0; $i -lt $key.Length / 64; $i++) { $min = [math]::min(64, $key.Length - ($i * 64)); $fileContent += $key.substring($i*64, $min) + "`n"; } 
     - ps: $fileContent += "-----END RSA PRIVATE KEY-----" + "`n" 
     - ps: Set-Content c:\users\appveyor\.ssh\id_rsa $fileContent
   

   The private key contents must be encrypted on AppVeyor UI and passed as an environment variable:

   environment: 
     gitkey: 
       secure: eYKZKFkkEvFYWX…
   

   Please let me know if you have any questions.

   • Edit

2. 2 Posted by Drew Wells on 25 Nov, 2015 03:58 PM

   

   CircleCI takes care of this for you by always adding a deployment key. If AppVeyor used deployment keys for public repos, we shouldn't have to do anymore configuration.

   Please add this feature

   • Edit

3. Support Staff 3 Posted by Feodor Fitsner on 25 Nov, 2015 04:31 PM

   

   You can just move project's public key to the account level.

   - Feodor

   • Edit

4. 4 Posted by Drew Wells on 25 Nov, 2015 05:25 PM

   

   Feodor, I don't understand your comment. At the account level, there is
   only the option to authorize AppVeyor as a Github app. It doesn't have
   anywhere to add deployment SSH keys.

   The above steps list how to replace a SSH key used by appveyor with an
   appropriate one for the repository. CircleCI adds a deployment key to your
   repository and uses it on builds.

   • Edit

5. Support Staff 5 Posted by Feodor Fitsner on 25 Nov, 2015 05:56 PM

   

   For private repositories AppVeyor does the same. It adds public key to "Deployment Keys" of repository and writes private key to a build worker during the build. You can see public key on General tab of project settings.

   You can use the same SSH key to fetch the main repo and all its sub-modules. Just open main repo's "Deployment keys" settings on GitHub, remove project public key from there, grab public key on General tab of project settings and then add it to SSH Keys under account on GitHub.

   • Edit

6. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:02 AM.