I am creating some proprietary workflows and actions along with some colleagues and we’re storing them in our organization’s GitHub in separate repos.
In order to use the st2 pack install ssh://email@example.com:_GHUSER_/_REPO_ convention, for a Private repository, it requires a valid SSH key pair with access to the repo stored in the root user’s SSH config.
This works great for a single repo using a Deploy Key. Or for multiple repos using an actual GH user account with an SSH key that you also install on the ST2 server instance.
In cases where you don’t want to use a personal SSH key on a shared server running the ST2 instance, it appears there is no way to support multiple Private repos using Deploy Keys without needing to comment out all other Deploy keys in the ~/.ssh/config file before running the st2 pack install command.
The problem is that SSH will offer up all the keys it knows about, and github.com will happily accept the very first key that works, and thus will only be able to install from a private repo that uses that specific key. And for the record, you can only use a Deploy key on one specific repo in all of github land.
I was hoping to find a way to pass an IdentityFile parameter to the packs.download action step of the packs.install workflow, but no dice.
Anyone have thoughts on this? I’m going to look at using SSL tokens instead, but that’s a bit less secure since it will show up in logs since it becomes part of the URL.
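
Added example, not part of the original post and not StackStorm code: one way to make ssh offer exactly one Deploy Key per repository is a dedicated Host alias per repo with IdentitiesOnly yes in root's ~/.ssh/config. The alias naming scheme, key paths and org/repo names are constructed placeholders, and it is an assumption that st2 pack install hands the URL to git unchanged so that ssh resolves the alias.

```shell
#!/bin/sh
# Constructed example: per-repo ssh Host aliases for GitHub Deploy Keys.

# alias_for OWNER REPO -> Host alias unique to that repository (hypothetical scheme)
alias_for() {
    printf 'github-%s-%s' "$1" "$2" | tr '[:upper:]' '[:lower:]'
}

# stanza OWNER REPO KEYFILE -> block to append to ~/.ssh/config
stanza() {
    printf 'Host %s\n' "$(alias_for "$1" "$2")"
    printf '    HostName github.com\n'
    printf '    User git\n'
    printf '    IdentityFile %s\n' "$3"
    # Offer only the key above, not every key ssh or an agent knows about.
    printf '    IdentitiesOnly yes\n'
}

# install_url OWNER REPO -> git URL that routes through the alias
install_url() {
    printf 'ssh://git@%s/%s/%s.git' "$(alias_for "$1" "$2")" "$1" "$2"
}

# lint_config FILE -> prints each alias pointing at github.com that lacks
# "IdentitiesOnly yes"; exit status is 1 if any such alias exists.
lint_config() {
    awk '
        function flush() { if (host != "" && gh && !only) { print host; bad = 1 } }
        tolower($1) == "host"           { flush(); host = $2; gh = 0; only = 0; next }
        tolower($1) == "hostname"       { gh = (tolower($2) == "github.com") }
        tolower($1) == "identitiesonly" { only = (tolower($2) == "yes") }
        END { flush(); exit bad }
    ' "$1"
}

# Demo with constructed repos and key paths: print what would be appended.
for repo in pack_alpha pack_beta; do
    stanza ExampleOrg "$repo" "/root/.ssh/deploy_$repo"
    printf '# st2 pack install %s\n\n' "$(install_url ExampleOrg "$repo")"
done
```

Running lint_config against the real ~/.ssh/config after appending the stanzas confirms that no github.com alias still falls back to offering every known key.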