Build SSH keys

Securely pass SSH keys to the Docker build command

With Release, you can pass SSH keys to the docker build command as part of the build process.

You might need to pass SSH keys to a docker build command if the build process pulls code or other dependencies from a private Git repository hosted on a remote server. To access the repository, the build process will authenticate with the server using SSH keys.

Add the SSH key to a Dockerfile

Start by updating your Dockerfile to use the passed-in SSH keys.

Use RUN --mount=type=ssh,id=your_key_name to mount the SSH key in your Dockerfile. Read more about SSH keys and Docker builds in the Docker documentation.

If you plan to use only one SSH key in your organization, you can use RUN --mount=type=ssh without the ID, and name the SSH key default in the Release UI.

Add the SSH key to Release

In Release, you can set build SSH keys at the account level. These SSH keys will be passed to all the builds in your account.

Access the build SSH keys by going to Configuration -> SSH Keys

The following fields are required to add a new SSH key:

  • Name: The name of the SSH key. Release uses this name to pass the SSH key when building the Dockerfile. The SSH key name should match the id of the SSH key in your Dockerfile.

  • Secret Identifier: This can be either the full private SSH key (including BEGIN and END tags) or the secret ID of the SSH key stored in your cloud secret storage and configured in Release.

Example Dockerfile and Release SSH key

The following Dockerfile example clones a GitHub repo and uses the SSH key with the name myssh:

Dockerfile
# start from a base image
FROM ubuntu:20.04

# install dependencies
RUN apt-get update && apt-get install -y git
RUN sed /^StrictHostKeyChecking/d /etc/ssh/ssh_config; \
  echo StrictHostKeyChecking no >> /etc/ssh/ssh_config
  
# clone the target repository
RUN --mount=type=ssh,id=myssh git clone git@github.com:release/example_privaterepo.git

SSH keys and secrets

By default, the SSH keys you add in the Release Build Settings UI are stored in the Release Secrets Manager. However, you can use SSH keys stored in AWS SSM, AWS Secrets Manager, or GCP Secret Manager to pass to Docker builds, as long as these secrets managers are configured with Release. Learn more about configuring your secrets manager with Release in our importing secrets from external secrets managers documentation.

Last updated