
SSH Agent forwarding in devspace

Open MarkVaughn opened this issue 2 years ago • 3 comments

Is your feature request related to a problem?

Yes, we would like to be able to update dependencies when running devspace commands like dev/pipeline. I tried using

proxyCommands:
      - gitCredentials: true
        skipContainerEnv: true

to no avail

Which solution do you suggest?

Docker has the following solutions

docker run --mount type=bind,source=$SSH_AUTH_SOCK,target=/ssh-agent \
             --env SSH_AUTH_SOCK=/ssh-agent \
             foo-image

and docker-compose this

something:
    container_name: something
    volumes:
        - $SSH_AUTH_SOCK:/ssh-agent # Forward local machine SSH key to docker
    environment:
        SSH_AUTH_SOCK: /ssh-agent

So forwarding the ssh agent would achieve that. However, as pointed out here, it might be challenging

https://github.com/coderanger/kitchen-kubernetes/issues/5

Which alternative solutions exist?

Updating my ssh/.config file to include ForwardAgent yes allows me to ssh in to my pod and run git pulls / dependency updates. However, when running devspace dev that block automatically gets overwritten, and even if it's enabled, running a pipeline command to update my dependencies does not pick up the agent.

This is not ideal, but if it's the only way, it would be nice to have devspace have a flag to turn on ForwardAgent when it updates the ssh config of the host.

Additional context

We do not want to introduce our ssh keys into our image.

I am @mawkbagawk in the GoFundMe slack and our discussions on this topic happened here in the #loft-support-for-gofundme channel https://gofundme.slack.com/archives/C0356D10LDC/p1681168730628459

MarkVaughn avatar Apr 11 '23 15:04 MarkVaughn

I would also love this feature

marcm-ml avatar Apr 24 '23 15:04 marcm-ml

@MarkVaughn thanks a lot for this issue! We will take a look at what we can do there to make this possible.

FabianKramm avatar Apr 25 '23 09:04 FabianKramm

Agreed this would be a great add. Being able to forward the agent could also provide a workaround for the gitCredential helper not being available during initial sync (#2349)

chrispasakarnis avatar Jun 23 '23 16:06 chrispasakarnis