GitHub action to load a key into in memory using a temp disk (tmpfs).
It can be used as an attempt to keep the private ssh key from being written to disk.
⚠️ Beware this action only works with passphrase-less key.
- name: Load ssh key in agent
id: agent
uses: LeastAuthority/ssh-agent-action@v1
with:
private_key: ${{ secrets.SSH_KEY }}Alternatively, assuming that the private_key is already available as a file in an existing tmpfs (e.g. using mount-tmpfs), the input can be the path to that file.
- name: Load ssh key in agent
id: agent
uses: LeastAuthority/ssh-agent-action@v1
with:
private_key: /path/to/private_keyThe action set a variable in the environment which can be used to find the socket to interact with the agent.
By default, the name of the variable is SSH_AUTH_SOCK and the path to the socket is ${{ github.workspace }}/S.agent.ssh.
Those can be changed respectively with the auth_sock_name and auth_sock_path inputs.
Without changing anything, most ssh client should now be able to use the key.
- name: Test ssh connection
run: |
ssh -a -x -o StrictHostKeyChecking=no alice@server.example.com whoamiThe ssh-agent can be re-used inside a docker container.
- name: Test ssh connectivity inside docker
run: |
docker run \
-e SSH_AUTH_SOCK=${SSH_AUTH_SOCK} \
-v ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK} \
codingkoopa/openssh ssh -a -x -o StrictHostKeyChecking=no alice@server.example.com whoami