Manage SSH authorized keys from GitHub with GitHub Actions.
This action will
- Fetch public key from GitHub username e.g. https://github.com/dhsathiya.keys
- Add provided users in keys.csv to the respective remote machines.
Note: This action is still under development, but works. Check TODO for more details
I get bore when I have to add a user or check the SSH access for someone.
With this action I can centrally monitor who can access what!
-
create workflow directory and add yml file.
.github/workflows/ssh_key.yml
on: push: branches: - master name: Update SSH Keys jobs: Update-SSH-key: name: Update and sync files runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 with: fetch-depth: 2 - name: Update and sync files uses: dhsathiya/action-ssh-keys@master env: DEPLOY_KEY: ${{secrets.DEPLOY_KEY}}
-
Create a GitHub secret named
DEPLOY_KEY
and add private key which will be used forrsync
. -
Add the respective public key to the
DEPLOY_KEY
on all the machines on which you want to use this action. -
Create file
default.key
in the GitHub repository root and add the public key in it.- This step is necessary, so that the SSH key used by action gets whitelisted on every run.
- Other reason is, you are using this action because you don't like manual stuff and you also won't like to add the
step 3
key after every run. 😉
-
Create
keys.csv
file.- Simple csv file, field separated with
,
- Simple csv file, field separated with
user@hostname | /path/to/authorized_keys | ||||
---|---|---|---|---|---|
root@dev.sitename.tld | /root/.ssh/authorized_keys | user1 | user2 | ||
www-data@prod.sitename.tld | /var/www/.ssh/authorized_keys | user1 | user2 | user3 | user4 |
The action will by default ignore first line.
- Checks and filters for CSV file fields
- Only run on diff
- Fail checks
- Feature: Direct SSH key support
- Make action code as per best practices
- Lighter Docker image
- HashiCorp Vault Support
- Publish Action
- Slack Notification
MIT © 2020 Devarshi Sathiya