Permanent SSH + GPG keys
Hello guys,
My scenario for using Coder is having it installed on a separate PC (i9 14900KF / 64 GB) as a development machine, on a single-node k3s cluster, connected to a real subdomain to issue a real SSL certificate (needed for some apps I am working on).
The issue is I have two GitHub accounts, two Bitbucket accounts, and occasionally GitLab.
Q: What is the best way to store these keys (both SSH and GnuPG) with the template, so that each time I start a workspace all keys are included?
I have added the keys manually but they are removed whenever I restart the workspaces.
What do you suggest to solve this issue?
Thanks in advance ❤️
11 Replies
Category: Help needed
Product: Coder (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
plus curious how to do the same
@saun have you tried to do it?
I tried the following as a POC:
- added a .ssh folder in the template and included the keys
- in locals settings, I added the following
- added the coder_script part
- it works after a couple of restarts and with old workspaces after template upgrade
This is a POC, and is the best practice, security-wise, but if local and nothing is deployed or pushed (in the templates) it works
@Atif @Ryan do you suggest better practices for this scenario?



this is a good sol, not a secure solution though for a group of users

agree about the security point,
for a multi-user system it could be done as options for each workspace but it gets messy (already tried it, and it causes a headache when having many workspaces)
you might need to try using ENVBUILDER_BUILD_SECRETS mentioned here, https://github.com/coder/envbuilder/blob/main/docs/env-variables.md
not sure though..
if works, then it works...
assuming I was tagged by mistake haha
I would not suggest encoding it inside the template directly but you could rather set up a PVC that you exclusively use mounted to either the respective key folders (so /home/whatever/.ssh and /home/whatever/.pgp iirc), or you could set up a completely different volume and then rewrite the paths used for the keys via environment variables or just use symlinks
@Phorcys closed the thread.
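
The separate-volume-plus-symlinks variant from the last reply, as an added example that is not from the thread or from Coder: a workspace startup script that links the key directories from a persistent mount into the home directory and tightens their permissions. The `link_keys` function, the `KEYSTORE` variable and the `/mnt/keys` path are assumptions; `.gnupg` is used because it is GnuPG's default home directory.

```shell
#!/bin/sh
# Added example, not from the thread: run once at workspace start.
# KEYSTORE is a hypothetical variable naming the PVC mount (e.g. /mnt/keys).

link_keys() {
    keystore=$1   # persistent volume mount holding .ssh and .gnupg
    home=$2       # workspace home directory, recreated on restart
    for name in .ssh .gnupg; do
        src="$keystore/$name"
        dst="$home/$name"
        [ -d "$src" ] || continue

        # ssh ignores private keys readable by group/other and gpg warns
        # about unsafe permissions, so normalise modes on the volume first.
        find "$src" -type d -exec chmod 700 {} + || return 1
        find "$src" -type f -exec chmod 600 {} + || return 1

        if [ -L "$dst" ]; then
            rm -f "$dst"                          # stale link from an earlier start
        elif [ -e "$dst" ]; then
            mv "$dst" "$dst.bak.$$" || return 1   # keep what the image shipped
        fi
        ln -s "$src" "$dst" || return 1
    done
}

# Only act when the template exported the mount point.
if [ -n "${KEYSTORE:-}" ]; then
    link_keys "$KEYSTORE" "$HOME"
fi
```

With the keys on a per-workspace volume, nothing secret is stored in the template itself, so the key material is not exposed to everyone who can read or use the template.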