The problem sounds elementary in its nature but I cannot find a secure and simple solution.
The issue is the following, I have a project and I want to pull dependencies from private git repos to build a runtime environment and remove both SSH key and SSH passphrase afterward. I cannot skip passphrase as it is enforced by git remote repos.
- I struggle to push the SSH passphrase, so the SSH won't ask for a passphrase
- I struggle to understand how to do it securely
The question of how can I do it, so the approach also will be secure?
I am operating in Docker and potentially can install any open-source software on it.
With
buildkit
enabled:You can
ssh-add
your private keys to assh-agent
.From the
ssh-add
man
pages:From the
ssh-agent
man
pages:Example
Dockerfile
from the doc:Build the image:
docker build --ssh default