
Pass Jenkins SSH Credential Into Container

I need a solution that allows Jenkins or users to pass their key to a build command. This is done with a build argument: users cat their key into the argument, while Jenkins sets it from a valid credential in the pipeline.

Solution

This solution combines this ssh-add method and this eval method.

In the Jenkinsfile: the Jenkins docs are a starting point for understanding the SSH credential variable, but the important part is that the variable actually holds a file path, so we cat it just like a normal file. We use set +x to turn off shell tracing so that our private key, which cat expands into the command line, is not printed.

Your Containerfile

ARG SSH_KEY
...
RUN eval $(ssh-agent -s) && ssh-add - <<< "${SSH_KEY}" && GIT_SSH_COMMAND="ssh -oStrictHostKeyChecking=accept-new" git clone ssh://git@bitbucket.com/proj/repo

The manual command line

podman build --build-arg=SSH_KEY="$(cat ~/.ssh/id_ecdsa)" --build-arg-file latest.argfile -t ubi8-project:ssh-test .

Jenkinsfile

pipeline {
    agent {
        label 'buildah'
    }
    environment {
        SSH_KEY = credentials('ssh-cred-ecdsa')
        IMAGE = "contoso/ubi8-project"
        TAG = "${env.BRANCH_NAME == "master" ? "latest" : "${BRANCH_NAME}"}"
    }
    stages {
        stage('Build') {
            steps {
                sh '''
                set +x && podman build --build-arg=SSH_KEY="$(cat ${SSH_KEY})" --build-arg-file latest.argfile --tag ${IMAGE}:${TAG} .
                '''
            }
        }
        stage('Push') {
            steps {
                sh '''
                ver=$(git log --pretty=format:'%h' -n 1)
                '''
            }
        }
    }
}
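
A check worth running on any image built this way: a --build-arg value that a RUN step uses is recorded in the image history, so the key can travel with the pushed image. The following is an added example, not part of the original page, that scans history text for it; the function names and both sample histories are constructed, and the samples model how a build-arg value is recorded next to the RUN step.

```shell
#!/bin/sh
# Added example: flag key material that a --build-arg left in image history.
# Intended input (not run here):
#   podman history --no-trunc --format '{{.CreatedBy}}' ubi8-project:ssh-test

# scan_history [ARG_NAME]: reads history text on stdin, prints one finding per
# hit, exits 0 when clean and 1 when key material is present.
scan_history() (
    arg_name="${1:-SSH_KEY}"; hits=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            *"${arg_name}="*)
                echo "line $n: build arg ${arg_name} stored with its value"
                hits=$((hits + 1)) ;;
        esac
        case "$line" in
            *"-----BEGIN "*"PRIVATE KEY-----"*)
                echo "line $n: PEM private key header"
                hits=$((hits + 1)) ;;
        esac
    done
    [ "$hits" -eq 0 ]
)

# Constructed sample: history of an image built the way this page does.
sample_leaky_history() {
    cat <<'EOF'
|1 SSH_KEY=-----BEGIN OPENSSH PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END OPENSSH PRIVATE KEY----- /bin/sh -c eval $(ssh-agent -s) && ssh-add - <<< "${SSH_KEY}" && git clone ssh://git@bitbucket.com/proj/repo
/bin/sh -c #(nop) ARG SSH_KEY
EOF
}

# Constructed sample: same clone, key never passed as a build argument.
sample_clean_history() {
    cat <<'EOF'
/bin/sh -c GIT_SSH_COMMAND="ssh -oStrictHostKeyChecking=accept-new" git clone ssh://git@bitbucket.com/proj/repo
EOF
}

sample_leaky_history | scan_history || echo "result: key material found"
sample_clean_history | scan_history && echo "result: clean"
```

If the scan reports a hit, treat the key as exposed to anyone who can pull the image. podman build --ssh default together with RUN --mount=type=ssh in the Containerfile gives the clone step access to the agent without the key becoming a build argument.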

Possibilities

https://stackoverflow.com/questions/72618410/use-ssh-key-from-env-var

GIT_SSH_COMMAND='ssh -i /tmp/TempFileGenerated'

Also: https://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent/4086756#comment35753332_17848593

eval $(ssh-agent)
ssh-add - <<< "${SSH_PRIVATE_KEY}"

https://stackoverflow.com/questions/4565700/how-to-specify-the-private-ssh-key-to-use-when-executing-shell-command-on-git

GIT_SSH_COMMAND='ssh -i private_key_file -o IdentitiesOnly=yes' git clone user@host:repo.git

https://stackoverflow.com/questions/71019508/how-to-pass-git-ssh-credentials-to-a-docker-image-run-from-jenkins

withCredentials([sshUserPrivateKey(credentialsId: '<credential ID here>', keyFileVariable: 'KEY_FILE_PATH')]) {
    docker.image('MY_IMAGE').inside {
        sh 'cp $KEY_FILE_PATH ~/.ssh/id_rsa'
        sh '/bin/my-command my-args'
    }
}