mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
50 lines
1.6 KiB
Plaintext
50 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * builds/creating-build-inputs.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="builds-source-secret-ssh-key-auth_{context}"]
|
|
= Creating a secret from source code SSH key authentication
|
|
|
|
SSH key based authentication requires a private SSH key.
|
|
|
|
The repository keys are usually located in the `$HOME/.ssh/` directory, and are named `id_dsa.pub`, `id_ecdsa.pub`, `id_ed25519.pub`, or `id_rsa.pub` by default.
|
|
|
|
.Procedure
|
|
|
|
. Generate SSH key credentials:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ssh-keygen -t ed25519 -C "your_email@example.com"
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
Creating a passphrase for the SSH key prevents {product-title} from building. When prompted for a passphrase, leave it blank.
|
|
====
|
|
+
|
|
Two files are created: the public key and a corresponding private key (one of `id_dsa`, `id_ecdsa`, `id_ed25519`, or `id_rsa`). With both of these in place, consult your source control management (SCM) system's manual on how to upload
|
|
the public key. The private key is used to access your private repository.
|
|
+
|
|
. Before using the SSH key to access the private repository, create the secret:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create secret generic <secret_name> \
|
|
--from-file=ssh-privatekey=<path/to/ssh/private/key> \
|
|
--from-file=<path/to/known_hosts> \// <1>
|
|
--type=kubernetes.io/ssh-auth
|
|
----
|
|
<1> Optional: Adding this field enables strict server host key check.
|
|
+
|
|
[WARNING]
|
|
====
|
|
Skipping the `known_hosts` file while creating the secret makes the build vulnerable to a potential man-in-the-middle (MITM) attack.
|
|
====
|
|
+
|
|
[NOTE]
|
|
====
|
|
Ensure that the `known_hosts` file includes an entry for the host of your source code.
|
|
====
|