I haven't tried this, but you can specify JSON data in your Vagrantfile.
If your deploy process gets your deploy key from an attribute, you can override that in the Vagrantfile. And, since a Vagrantfile is just ruby, you could get that key from just reading in a user's SSH public key file.
Something like
Vagrant.configure("2") do |config|
config.vm.provision "chef_server" do |chef|
# ...
chef.json = {
"myapp" => {
"deploy_key" => File.read(ENV['MYORG_DEPLOY_KEY'] || "#{ENV['HOME']}/.ssh/id_rsa.pub")
}
}
end
endMaybe?
-Matt Moretti
I feel like this has been done, demonstrated, but I couldn't find
anything on it.
Flow:
Provision a box
At some point in the run, pull a branch from github (master, tag, etc)
Restart service if changed
By using a GitHub deploy key, I can automate this for prod, sure.
But if I'm using Vagrant, and I want to restrict access to the deploy
key, is there a known way for me to specify "use a user's ssh-agent
forwarded ssh key instead".
Ideas, blogs, thoughts?
-M
Archive powered by MHonArc 2.6.16.