Commit b98dcb77 authored by Jean-Paul Calderone

Merge branch '75.deploy-key-permissions' into 'develop'

Remove group and other permissions from the deploy key

Closes #75

See merge request !134
parents a816c534 8dd00d39
3 merge requests: !140 Merge staging into production, !135 Merge develop into staging, !134 Remove group and other permissions from the deploy key
Pipeline #892 passed
...@@ -82,9 +82,17 @@ system-tests: ...@@ -82,9 +82,17 @@ system-tests:
# Copy the deploy key from the environment to a file so we can actually # Copy the deploy key from the environment to a file so we can actually
# tell ssh to use it. # tell ssh to use it.
- | - |
# The environment variable is configured with GitLab using Terraform so # Make sure the deploy key file is not readable by anyone else. Not
# we can retain some bare minimum level of confidentiality. # that there should be anyone else looking - but OpenSSH won't even read
# it if it looks like it is too open.
umask 077
# Make up a safe-ish place on the filesystem to write the key.
KEY_PATH="$(mktemp -d)/deploy_key" KEY_PATH="$(mktemp -d)/deploy_key"
# The environment variable holding the key is configured with GitLab
# using Terraform so we can retain some bare minimum level of
# confidentiality.
base64 --decode "${PRIVATESTORAGEIO_STAGING_SSH_DEPLOY_KEY}" > "${KEY_PATH}" base64 --decode "${PRIVATESTORAGEIO_STAGING_SSH_DEPLOY_KEY}" > "${KEY_PATH}"
# Update the deployment # Update the deployment
......
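Review bot: the `umask 077` added at the top of this block stays in effect for every command that follows in the same script step, including the "Update the deployment" commands after the key is written, so any other file they create also becomes owner-only. If only the key needs the restriction, scope it by wrapping the `umask` and the `base64` redirect in a subshell, or set the mode explicitly with `chmod 600 "${KEY_PATH}"` after the write; `mktemp -d` already creates the directory owner-only, so the file is not exposed in between. Separately, on the unchanged `base64 --decode "${PRIVATESTORAGEIO_STAGING_SSH_DEPLOY_KEY}"` line: `base64` treats its operand as a file name, so this works only when the variable holds a path to the encoded key. The new comment calls it "the environment variable holding the key", so it would help to say in that comment whether the variable carries a path or the key material itself.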