My Node.JS project contains references to private NPM repos hosted on github. This works fine locally, but I'm struggling to get this working on Elastic Beanstalk.
dependencies: {
...
"express": "^4.12.4",
"jsonwebtoken": "^5.0.5",
"my-private-module": "git@github.com:<my-user>/<my-repo>.git#<my-version>",
...
}
-
What I need is to be able to set up a working SSH configuration for git on my Elastic Beanstalk instances, without having to store secret keys etc in source control.
Obviously, the EB instances do not have the needed SSH keys to access my private github repos. If I use HTTPS style git URL's with username:password@github.com
inlined, it works fine. It also works using the oauth token method offered by github (which is essentially a user:pass). But I do not want any credentials to be checked in to source control, so I'm trying to get cloning from github to work via SSH on my EB instances.
I've tried a million ways, including npm preinstall
scripts according to this blog post, which used to work until npm2 where a change made preinstall to run after the tree is built, and the PR to fix that issue is still pending.
I've tried an .ebextensions
commands configuration that tries to call git config
to place an insteadof
on git@github.com into a HTTPS URL with an OAUTH token coming from an environment variable (tricky in itself since env variables aren't set at this time in the startup cycle, and the lack of $HOME makes git config confused).
I've also tried various different ways using .ebextensions
to setup SSH on my EB instances, including this solution from the comments on the mentioned blog post. This is basically where I'm stuck now.
- I have successfully created a key pair, set it up on my github profile, and verified that the private key is usable from my local client to clone my repo
- I have put my private key and a ssh config file on a private S3 bucket
- I've created an
.ebextensions
files
configuration which copies these two files from my S3 bucket into/tmp/.ssh/
, according to this example - I've created a debug
commands
.ebextensions
configuration which lists /tmp/.ssh and shows that the files were downloaded from S3 successfully:
/tmp/.ssh/config contains:
Host github.com
IdentityFile /tmp/.ssh/deploy_key
IdentitiesOnly yes
UserKnownHostsFile=/dev/null
StrictHostKeyChecking no
/tmp/.ssh/deploy_key contains my private key which is verified to work locally.
However, git still throws an error:
npm ERR! Command failed: git clone --template=/tmp/.npm/_git-remotes/_templates --mirror ssh://git@github.com/[.....]
npm ERR! Cloning into bare repository '/tmp/.npm/_git-remotes/git-ssh-git-github-com-[...]
npm ERR! Host key verification failed.
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
I am now running out of ideas. My best guess would be that /tmp/.ssh is not the path where git goes to look for the ssh config file - it might have been when the linked solution was proposed but might have changed in later AMI:s etc. The environment used when EB is starting up seems to be a bit limited; commands are run as user nodejs
but /tmp seems to be used as the home directory, even though $HOME is not set anywhere.
How can I get git to pick up my SSH config, and consequently use my SSH key? How can I find out where git looks for a SSH config file? Normally it's in ~/.ssh, but since $HOME is not set, well... This should be easy but is driving me nuts.