Build SSH keys
Securely pass SSH keys to the Docker build command
Last updated
Securely pass SSH keys to the Docker build command
Last updated
With Release, you can pass SSH keys to the docker build command as part of the build process.
You might need to pass SSH keys to a docker build command if the build process pulls code or other dependencies from a private Git repository hosted on a remote server. To access the repository, the build process will authenticate with the server using SSH keys.
Start by updating your Dockerfile to use the passed-in SSH keys.
Use RUN --mount=type=ssh,id=your_key_name to mount the SSH key in your Dockerfile. Read more about SSH keys and Docker builds in the Docker documentation.
If you plan to use only one SSH key in your organization, you can use RUN --mount=type=ssh without the ID, and name the SSH key default in the Release UI.
In Release, you can set build SSH keys at the account level. These SSH keys will be passed to all the builds in your account.
Access the build SSH keys by going to Configuration -> SSH Keys
The following fields are required to add a new SSH key:
Name: The name of the SSH key. Release uses this name to pass the SSH key when building the Dockerfile. The SSH key name should match the id of the SSH key in your Dockerfile.
Secret Identifier: This can be either the full private SSH key (including BEGIN and END tags) or the secret ID of the SSH key stored in your cloud secret storage and configured in Release.
The following Dockerfile example clones a GitHub repo and uses the SSH key with the name myssh:
By default, the SSH keys you add in the Release Build Settings UI are stored in the Release Secrets Manager. However, you can use SSH keys stored in AWS SSM, AWS Secrets Manager, or GCP Secret Manager to pass to Docker builds, as long as these secrets managers are configured with Release. Learn more about configuring your secrets manager with Release in our importing secrets from external secrets managers documentation.
