Add secret support for SSH key_data#1620
Merged
djmb merged 1 commit intobasecamp:mainfrom Dec 1, 2025
Merged
Conversation
djmb
reviewed
Aug 11, 2025
seuros
reviewed
Nov 7, 2025
d284dae to
b7827f0
Compare
djmb
approved these changes
Nov 28, 2025
Collaborator
djmb
left a comment
There was a problem hiding this comment.
Looks good!
The tests are failing but I think that's maybe just from Docker 29 changes that caused issues with the overlayfs file system. If you merge/rebase against main I think they'll hopefully pass.
b7827f0 to
c1d94ba
Compare
Contributor
Author
|
@djmb rebased on master. Hopefully they all pass now. |
I've modified `key_data` under `ssh` to read from secrets. This is backwards compatible with the insecure method of storing directly in the deploy.yml. I limited the documentation to only showing the secure way since there is no reason to suggest insecure methods.
c1d94ba to
8b8b722
Compare
Contributor
Author
|
@djmb I botched the last one. I think everything should pass on the CI now. I get some local failures, but those happen on master for me too. |
Contributor
Author
|
@djmb seems the remaining failure is happening on master as well. Hopefully good to merge now! |
Collaborator
|
Thanks! That failing test should be fixed with 5425a54 |
djmb
approved these changes
Dec 1, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I've modified
key_dataundersshto read from secrets. This is backwards compatible with the insecure method of storing directly in the deploy.yml. I limited the documentation to only showing the secure way since there is no reason to suggest insecure methods.