Try to put the deploy key on tmpfs

.gitlab-ci.yml

@@ -87,18 +87,20 @@ deploy-to-staging:
     - |
       # The environment variable is configured with GitLab using Terraform so
       # we can retain some bare minimum level of confidentiality.
-      base64 --decode "${PRIVATESTORAGEIO_STAGING_SSH_DEPLOY_KEY}" > "${PWD}"/deploy_key
+      KEY_DIR="$(mktemp -d -p "${XDG_RUNTIME_DIR}-deploy_key")"
+      KEY_PATH="${KEY_DIR}/deploy_key"
+      base64 --decode "${PRIVATESTORAGEIO_STAGING_SSH_DEPLOY_KEY}" > "${KEY_PATH}"
 
     # Update the deployment
     - |
-      ./ci-tools/deploy-to-staging "${PWD}"/deploy_key ${name}
+      ./ci-tools/deploy-to-staging "${KEY_PATH}" ${name}
 
     # Remove the key from the filesystem to reduce the chance of unintentional
     # disclosure.  Overall our handling of this key is still not *particulary*
     # safe or secure but that's why the key is only authorized to perform a
     # single very specific operation.
     - |
-      rm -v "${PWD}"/deploy_key
+      rm -v "${KEY_PATH}"
 
 deploy-to-production:
   stage: "deploy"