Using Private SSH Keys in a Docker image (using Habitus)
Habitus is a standalone build flow tool for Docker. Among other things, it lets you securely share your SSH keys with your Docker images via a temporary web server. You can find more details in this blog post
Here I share some of the issues I ran into when using the tool:
- Installation:
When you go to the downloads, the downloaded file seems to be a text file… It’s actually an executable, but you need to change its permissions and make it available system-wide (or I suppose you could also copy it into every project)
mv ~/Downloads/habitus_darwin_amd64-2 /usr/local/bin/habitus
cd /usr/local/bin/
chmod +x habitus
- Issues related to Docker for Mac (native)
The latest version of Habitus supports Docker for Mac, but you need to connect over a Unix socket with no TLS. This is documented in this issue and not anywhere in the documentation.
Additionally, the host needs to be set to your active private IP (any enX interface):
ipconfig getifaddr en0
After verifying your IP, you can invoke habitus as follows:
sudo habitus --build host=$(ipconfig getifaddr en0) --host unix:///var/run/docker.sock --binding=0.0.0.0
How to use your secrets within your Dockerfile is given in this example
Finally, the tar that comes with macOS won’t work, so you’ll need to get the GNU version:
brew install gnu-tar
PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"
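The checks above can be combined into one preflight before invoking habitus. This is an added example, not part of the original post or the Habitus project: it confirms GNU tar is first on PATH, picks an enX address only if it is an RFC 1918 private one, and prints the resulting command. The function names and the en0 to en5 range are assumptions; the flags are the ones quoted on this page.

```sh
#!/bin/sh
# Added example: preflight for the Habitus invocation in this post (POSIX sh).

# Succeeds only for RFC 1918 private IPv4 addresses (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
  return 1
}

# Address lookup used by the post (macOS only); kept separate so it can be stubbed.
lookup_ip() { ipconfig getifaddr "$1" 2>/dev/null; }

# Print the first private address found on en0..en5 (the range is an assumption).
pick_private_ip() {
  for ifc in en0 en1 en2 en3 en4 en5; do
    ip=$(lookup_ip "$ifc") || continue
    if is_private_ipv4 "$ip"; then echo "$ip"; return 0; fi
  done
  return 1
}

# True when the first line of `tar --version` identifies GNU tar.
is_gnu_tar_version() { case $1 in *'GNU tar'*) return 0 ;; *) return 1 ;; esac; }

# Build the command from the post, plus --secrets=true from the comment below it.
# --binding=0.0.0.0 is the post's value; it listens on every interface.
habitus_cmd() {
  printf 'sudo habitus --build host=%s --host unix:///var/run/docker.sock --binding=0.0.0.0 --secrets=true\n' "$1"
}

preflight() {
  is_gnu_tar_version "$(tar --version 2>/dev/null | head -n 1)" ||
    { echo "tar on PATH is not GNU tar" >&2; return 1; }
  ip=$(pick_private_ip) ||
    { echo "no enX interface has a private IPv4 address" >&2; return 1; }
  habitus_cmd "$ip"
}

# Prints the command for review instead of running it.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the Mac; it refuses to print a command when the only addresses found are public, since that address is where the build fetches the key from.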
You also need the args `--secrets=true` for the above to work ... (per https://github.com/cloud66/habitus/issues/67)