Passing ssh keys securely into specific user in docker container

SaikiranJetti
May 9, 2024
176 views
1 vote
2 Answers

I was able to clone securely at the 4th step in the below dockerfile but not able to clone in the last step.

I have a use case where I have to create the user in the dockerfile. ssh clone is failing after changing the user is dockerfile

# syntax=docker/dockerfile:experimental
FROM python:3.10-bullseye
ARG APP_PATH=/opt/app
RUN mkdir -p /etc/ssh && ssh-keyscan bitbucket.org > /etc/ssh/ssh_known_hosts

RUN  --mount=type=ssh git clone [email protected]:workspace/repo.git
# Create user and set ownership and permissions as required
RUN useradd -ms /bin/bash -u 999 john
RUN mkdir "$APP_PATH" && chown john:john -R "$APP_PATH"
WORKDIR $APP_PATH
USER john


COPY --chown=john:john . .
RUN  --mount=type=ssh git clone [email protected]:workspace/repo.git

docker build command:
docker build --ssh default -t app2:latest -f Dockerfile .

Answers

Chosen as BEST ANSWER
- SaikiranJetti
- May 9, 2024 at 11:26 am
- 0 votes
0
The problem got solved by adding uid=999 for the last ssh git cloning line.

RUN --mount=type=ssh,uid=999 git clone [email protected]:workspace/repo.git

(Edit)

- stzov
- May 9, 2024 at 10:45 am
- 0 votes
0
You need to change the folder and file permissions like so:
```
RUN mkdir -p /etc/ssh && chmod 0755 /etc/ssh && ssh-keyscan bitbucket.org > /etc/ssh/ssh_known_hosts && chmod 644 /etc/ssh/ssh_known_hosts
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.