Wednesday, November 30, 2016

SSH Keys in Docker (via Habitus)

Using Private SSH Keys in a Docker image (using Habitus)

Habitus is a standalone build flow tool for Docker. Among other things, it lets you securely share your SSH keys with your Docker images via a temporary web server. You can find more details in this blog post.

Here I share some of the issues I ran into when using the tool:

  • Installation:

When you go to the downloads, the downloaded file seems to be a text file …. It’s actually an executable, but you need to change its permissions and make it available system-wide (or I suppose you could also copy it into every project).

mv ~/Downloads/habitus_darwin_amd64-2 /usr/local/bin/habitus
cd /usr/local/bin/
chmod +x habitus

  • Issues related to Docker for Mac (native)

The latest version of Habitus supports Docker for Mac, but you need to use a Linux socket to connect with no TLS. This is documented in this issue and not anywhere in the documentation.

Additionally, the host needs to be set to your active private IP (any enX):

ipconfig getifaddr en0

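After verifying your IP, you can invoke Habitus as follows. Note that --binding=0.0.0.0 makes Habitus listen on every network interface of the host, not only the one returned above.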

sudo habitus --build host=$(ipconfig getifaddr en0) --host unix:///var/run/docker.sock --binding=0.0.0.0

How to use your secrets within your Dockerfile is given in this example.

Finally, the tar that comes with the Mac won’t work, so you’ll need to get the GNU version:

brew install gnu-tar
PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"
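
A check that the key shared during the build did not stay behind in the image: the following added example (not from the original post or the Habitus project) scans a `docker save` archive for PEM private-key headers in any layer. The function names and the sample archive are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the post or the Habitus project; function names are
# hypothetical. Usage: docker save IMAGE -o image.tar; find_key_layers image.tar

# Print each layer of a `docker save` archive that contains a PEM private-key
# header. Returns 0 if clean, 1 if a key was found, 2 on error.
find_key_layers() {
    archive=$1
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }
    work=$(mktemp -d) || return 2
    tar -xf "$archive" -C "$work" || { rm -rf "$work"; return 2; }
    ( cd "$work" && find . -type f | sort ) > "$work.list"
    found=0
    while IFS= read -r f; do
        # Layers are nested tars; JSON metadata fails this probe and is skipped.
        tar -tf "$work/$f" >/dev/null 2>&1 || continue
        # A key removed by a later RUN still exists in the layer that added it.
        if tar -xOf "$work/$f" 2>/dev/null |
            grep -a -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'; then
            echo "${f#./}"
            found=1
        fi
    done < "$work.list"
    rm -rf "$work" "$work.list"
    return "$found"
}

# Build a constructed sample archive: layer "a" is clean, layer "b" carries a
# fake key (placeholder body, not real key material).
make_sample_archive() {
    out=$1
    src=$(mktemp -d) || return 2
    mkdir -p "$src/a/fs/app" "$src/b/fs/root/.ssh"
    echo 'echo hello' > "$src/a/fs/app/run.sh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED-SAMPLE' \
        '-----END OPENSSH PRIVATE KEY-----' > "$src/b/fs/root/.ssh/id_rsa"
    tar -cf "$src/a/layer.tar" -C "$src/a/fs" . &&
    tar -cf "$src/b/layer.tar" -C "$src/b/fs" . &&
    rm -rf "$src/a/fs" "$src/b/fs" &&
    echo '[{"Layers":["a/layer.tar","b/layer.tar"]}]' > "$src/manifest.json" &&
    tar -cf "$out" -C "$src" .
    rc=$?
    rm -rf "$src"
    return "$rc"
}
```

A non-zero exit from find_key_layers can fail a CI step before the image is pushed.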