Skip to content

Add secret support for SSH key_data #1620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 1, 2025
Merged

Add secret support for SSH key_data #1620

merged 1 commit into from
Dec 1, 2025
+62 −9

Conversation

@jclusso
Copy link
Contributor

@jclusso jclusso commented Aug 5, 2025

I've modified key_data under ssh to read from secrets. This is backwards compatible with the insecure method of storing directly in the deploy.yml. I limited the documentation to only showing the secure way since there is no reason to suggest insecure methods.

djmb
djmb reviewed Aug 11, 2025
View reviewed changes
seuros
seuros reviewed Nov 7, 2025
View reviewed changes
@jclusso jclusso force-pushed the add-ssh-key-data-secret-support branch from d284dae to b7827f0 Compare November 7, 2025 16:28
@jclusso jclusso requested a review from djmb November 10, 2025 03:34
djmb
djmb approved these changes Nov 28, 2025
View reviewed changes
Copy link
Collaborator

@djmb djmb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

The tests are failing but I think that's maybe just from Docker 29 changes that caused issues with the overlayfs file system. If you merge/rebase against main I think they'll hopefully pass.

@jclusso jclusso force-pushed the add-ssh-key-data-secret-support branch from b7827f0 to c1d94ba Compare November 28, 2025 15:42
@jclusso jclusso requested a review from djmb November 28, 2025 15:42
@jclusso
Copy link
Contributor Author

jclusso commented Nov 28, 2025

@djmb rebased on master. Hopefully they all pass now.

@djmb djmb mentioned this pull request Nov 28, 2025
Closed
@jclusso
Add secret support for SSH key_data
8b8b722 
I've modified `key_data` under `ssh` to read from secrets. This is backwards compatible with the insecure method of storing directly in the deploy.yml. I limited the documentation to only showing the secure way since there is no reason to suggest insecure methods.
@jclusso jclusso force-pushed the add-ssh-key-data-secret-support branch from c1d94ba to 8b8b722 Compare November 30, 2025 21:16
@jclusso
Copy link
Contributor Author

jclusso commented Nov 30, 2025

@djmb I botched the last one. I think everything should pass on the CI now. I get some local failures, but those happen on master for me too.

@jclusso
Copy link
Contributor Author

jclusso commented Dec 1, 2025

@djmb seems the remaining failure is happening on master as well. Hopefully good to merge now!

@djmb
Copy link
Collaborator

djmb commented Dec 1, 2025

Thanks! That failing test should be fixed with 5425a54

@djmb djmb merged commit ab7ab32 into basecamp:main Dec 1, 2025
1 of 7 checks passed
@jclusso jclusso deleted the add-ssh-key-data-secret-support branch December 1, 2025 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djmb djmb djmb approved these changes

+1 more reviewer

@seuros seuros seuros left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jclusso @djmb @seuros