Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

git clone and SSH key passphrase

Sébastien Doncker
Sébastien Doncker June 19, 2016

Hello, 

I try to use Bitbucket pipelines beta.

To build my repository, I need to build another repository from bitbucket.

So I configure a SSH Key but when I make a git clone, He ask me a passphrase for the key and block the automatic process.

Is there a way to pass this step without passphrase or providing the passphrase in anyway ?

To illustrate, here is my bitbucket-pipelines.yml file:

 

# You can use a Docker image from Docker Hub or your own container
# registry for your build environment.
image: maven:3.3.3
pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
            - mkdir ~/.ssh
            - echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
            - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
            - chmod 600 ~/.ssh/id_rsa
            - base64 ~/.ssh/id_rsa
            - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config
            - mvn --version
            - mkdir temp
            - cd temp
            - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
            - cd dingorock-helpers
            - mvn clean install
            - cd ..
            - cd ..
            - mvn clean install

 

Thanks in advance,

Seb

Answer
Watch
Like # people like this
11834 views

2 answers

1 vote
Peter Geshev
Peter Geshev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 20, 2016

You can remove the passphrase of the key (more info here)  or you can create a new ssh key without passphrase

View More Comments
Rob Jones6
Rob Jones
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 22, 2016

I've tried removing the passphrase and creating a key without a passphrase and it still prompts you for a passphrase.

Like
Reply
0 votes
Sébastien Doncker
Sébastien Doncker June 23, 2016

Thank you, it's working.

But eventually, I don't understand how to have my private key in $SSH_KEY.

So :

  • I created a new SSH Key without passphrase
  • I added the private key in my git repository
  • I added the public key in my Bitbucket deployment key repository configuration

and do the following in the bitbucket-pipelines.yml :

 

image: maven:3.3.3
pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
            - mkdir ~/.ssh
            - cp bitbucket_pipelines_rsa ~/.ssh/id_rsa
            - chmod 600 ~/.ssh/id_rsa
            - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config


            - mvn --version


            - mkdir temp
            - cd temp
            - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
            - cd dingorock-helpers
            - mvn clean install -DskipTests
            - cd ..

            - cd ..
            - mvn clean install

 

Thanks a lot for your answer.

Seb

View More Comments
Philip Hodder
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 3, 2016

I would highly advise against storing your private key as part of your repository, for security reasons.

I think I know what was going wrong for you (I also had to battle this for a while).

Firstly, delete the SSH key-pair you are using now. It's in your repos Git history and is no longer able to be considered secure. 

The issue I think you were having initially was that the SSH_KEY environment variable cannot be the plain text version of your id_rsa file. You need to encode it first in base64.

$ base64 ~/.ssh/id_rsa

You can see a full step-by-step guide here: https://answers.atlassian.com/questions/39243415

Let me know if you get stuck, you shouldn't have to have your secrets stored in your Git repository. smile

Like
Sébastien Doncker
Sébastien Doncker July 4, 2016

Oh ! Thanks for that, I didn't understand how to setup an Environment Variable. This is why I put the SSH KEY in my repo. And I know, it's bad ! sad

 

So, Now, I just figure out how I can add environment variable via the pipeline setting of my repo so I will be able to delete the key from it and use the base64 encoding.

 

Thanks a lot for your tips and provided links.

Like
Philip Hodder
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 4, 2016

You can find information on environment variables here: https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines

Specifically, you'll want to read the "User-defined repository variables" section. To quote the part you're probably looking for:

You can add, edit, and remove variables directly in the Bitbucket Pipelines settings which you can find in your repository under Settings > Bitbucket Pipelines > Environment variables

Hope that helps. smile

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.