1

I am creating a nodejs application that will integrate with Git repo and perform operations such as push, pull commit etc. I am in the process of moving the app to Docker. However I can't find a way to put ssh keys in the docker image at runtime. I want to avoid copying the ssh key at build time in the docker image for security reasons.

I have tried passing the ssh key as an env variable at runtime like :

docker run -i -t -e KEY="sshkey" imagename

And in node.js manually creating the ssh folder and ssh key 

mkdirSync('/root/.ssh/', (err) => {
    writeFileSync('/root/.ssh/id_rsa.pub', sshKey, (err) => {
    })
})

However this doesn't seem to be working, I still get permission errors when trying to clone the repo.

  1. Do I need to do something to load the ssh keys so they can be used by git?
  2. Is there a way to do it using Dockerfile. I know that I can add it on build, time, but haven't found a way to do it at runtime.
  3. How can I inspect the fs of a running docker container?
Improve this question
1
  • 1
    Can't you just do a volume/file mount? Commented Sep 1, 2016 at 13:17

3 Answers 3

Reset to default
2

The following contrived example demonstrates how a private key on the host machine can be read from within a container. 

docker run -it --rm -v ~/.ssh/id_rsa:/root/.ssh/id_rsa:ro ubuntu cat /root/.ssh/id_rsa

This should let a process running as root authenticate with your credential.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

  1. You need to add your private key if you want to authenticate via SSH, not your public key. In your case, that's probably the file id_rsa. The public key is used by the server to verify your identity.

  2. The Dockerfile is only used for the build, so there is no way to use it to do anything at runtime. I think your approach with the environment variable is reasonable...

  3. You can connect to the container via docker exec, open the bash and interact with the filesystem like you normally would:

    docker exec -it imagename /bin/bash

    This assumes that you are running a system with a bash. Otherwise, try /bin/sh.

Improve this answer

1 Comment

Thanks for that, using env variables and the private key worked. A couple of things that I had to solve in case anyone else tries it: 1. create the key file using the Dockerfile 2.give the correct permissions to the file so you can write from your node.js app
0

For non root user at host and docker:

docker run -v /home/<host user>/.ssh:/home/<docker user>/.ssh <image>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.