I am attempting to store my GitHub fingerprint as an Environment Variable in my project and use it inside of the add_ssh_keys command in circle.yml.
- add_ssh_keys:
    fingerprints: $PROJ_FINGERPRINT
I would prefer doing this rather than adding the fingerprint directly to my repository. However, circle does not seem to pick up on environment variables in these circle specific commands. It only picks up on them in custom commands. It also doesn’t seem possible to add SSH keys in custom commands, according to the documentation:
“Even though CircleCI uses ssh-agent to sign all added SSH keys, you must use the add_ssh_keys key to actually add keys to a container.”
Does anyone know of another possible way around this? If any? Thank you for the help in advance.
I’ve not done this, but I imagine that add_ssh_keys is not strictly necessary - I think it is just a convenience.
You could add your key and fingerprint as environment variables in the CircleCI UI, and then copy them into place in the ~/.ssh folder manually. You might have to encode the newlines as something else and swap them, or maybe base64 encode it, so it is just a long string. The main challenge will be seeing if CircleCI can cope with long strings - but I would be surprised if it cannot.
That all said, I believe add_ssh_keys will just add all keys if you don’t give it a map - if you only have one key then you don’t need to specify fingerprints at all.
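The manual approach suggested in this reply, as an added example that is not part of the original thread or of CircleCI's own tooling. `PROJ_SSH_KEY_B64` and `install_ssh_key` are hypothetical names, and the sketch assumes `PROJ_FINGERPRINT` (the variable from the question) holds the key's MD5 colon-hex fingerprint; it decodes the key into place with owner-only permissions and refuses to install it if the fingerprint does not match.

```bash
# Added example. PROJ_SSH_KEY_B64 and install_ssh_key are hypothetical names;
# PROJ_FINGERPRINT is the variable from the question and is assumed to hold
# the MD5 colon-hex fingerprint of the key.

# install_ssh_key <dest-file>
# Decodes $PROJ_SSH_KEY_B64 (base64 of the private key) into <dest-file>.
# The body runs in a subshell, so the umask and trap do not leak to the caller.
install_ssh_key() (
  dest="$1"
  dir="$(dirname "$dest")"

  if [ -z "${PROJ_SSH_KEY_B64:-}" ]; then
    echo "PROJ_SSH_KEY_B64 is not set" >&2
    exit 1
  fi

  umask 077                       # directory and key are private from creation
  mkdir -p "$dir" || exit 1
  tmp="$(mktemp "$dir/.key.XXXXXX")" || exit 1
  trap 'rm -f "$tmp"' EXIT        # never leave a half-written key behind

  # printf keeps the secret out of the process list and the job output.
  if ! printf '%s' "$PROJ_SSH_KEY_B64" | base64 -d > "$tmp"; then
    echo "PROJ_SSH_KEY_B64 is not valid base64" >&2
    exit 1
  fi

  # Optional check: install the key only if it is the one we expect.
  # Fails closed if ssh-keygen is missing or cannot parse the file.
  if [ -n "${PROJ_FINGERPRINT:-}" ]; then
    actual="$(ssh-keygen -E md5 -lf "$tmp" 2>/dev/null | awk '{print $2}')"
    if [ "${actual#MD5:}" != "${PROJ_FINGERPRINT#MD5:}" ]; then
      echo "fingerprint mismatch: refusing to install key" >&2
      exit 1
    fi
  fi

  mv -f "$tmp" "$dest"
)

# In a run step one would call, for instance:
#   install_ssh_key "$HOME/.ssh/id_rsa"
```

The base64 value can be produced locally with `base64 < keyfile` and pasted into the project's environment variable settings, which keeps both the key and the fingerprint out of the repository.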
For security reasons we do not inject all keys automatically into the job. Customers may add keys for certain use cases, and therefore we require that you implicitly define which keys you want added to the container.
I think we are talking at cross-purposes. I believe you meant to say that add_ssh_keys is mandatory, not that fingerprints is. I was wondering why this is so, given that it can be done manually with environment variables and creating .ssh files manually.