Docker and how to add the SSH key to a container

Pagorn Phusaisakul
Sep 6, 2020

Sometimes we need to build a container and install a library from a private repository


TL;DR

We will pass the SSH private key using --build-arg, then write it to an id_ed25519 or id_rsa file in the container.

Dockerfile (the important part)

# Add ssh private key into container
ARG SSH_PRIVATE_KEY
RUN mkdir ~/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519
RUN chmod 600 ~/.ssh/id_ed25519
RUN ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts
# Print SSH_PRIVATE_KEY (for test)
# RUN echo "${SSH_PRIVATE_KEY}"
RUN npm install

Build and run

$ docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" -t sample-project .
$ docker run sample-project

Let’s create 1 project and 1 private library to test the above solution.

1. Create a private repository named sample-library in https://bitbucket.org

2. Clone this repository

$ git clone git@bitbucket.org:YOUR_USERNAME/sample-library.git

3. Create a new Node project and set it up. For the npm init questions, just press Enter for every question.

$ cd ~
$ mkdir sample-library
$ cd sample-library
$ npm init

4. package.json should look like this.

{
  "name": "sample-library",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "repository": {
    "type": "git",
    "url": "git+ssh://git@bitbucket.org/YOUR_USERNAME/sample-library.git"
  },
  "author": "",
  "license": "ISC",
  "homepage": "https://bitbucket.org/YOUR_USERNAME/sample-library#readme"
}

5. Create index.js and add this code

module.exports = {
  getMessage: function() {
    return 'This message is from the private library'
  }
}

5. Commit all changes and push to the repository

$ git add .
$ git commit -m "Initial"
$ git push -u origin master

6. You should see index.js and package.json on bitbucket.org


7. Now, let’s create a new project named sample-project. Again, just press Enter for every question.

$ cd ~
$ mkdir sample-project
$ cd sample-project
$ npm init

8. Install sample-library

$ npm install ssh+git://git@bitbucket.org:YOUR_USERNAME/sample-library.git

9. You should receive this message

npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN sample-project@1.0.0 No description
npm WARN sample-project@1.0.0 No repository field.
+ sample-library@1.0.0
added 1 package and audited 1 package in 14.178s
found 0 vulnerabilities

10. Create index.js then add this code

const { getMessage } = require('sample-library')
console.log(getMessage())

11. Test it by running sample-project

$ node ~/sample-project/index.js

12. You should get this message

This message is from the private library

13. Now create the Dockerfile in sample-project and add this code

FROM node:14
WORKDIR /usr/src/app
COPY package*.json ./
# Add ssh private key into container
ARG SSH_PRIVATE_KEY
RUN mkdir ~/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519
RUN chmod 600 ~/.ssh/id_ed25519
RUN ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts
# Print SSH_PRIVATE_KEY (for test)
# RUN echo "${SSH_PRIVATE_KEY}"
RUN npm install
COPY . .
CMD ["node", "index.js"]

14. Create .dockerignore and add the code below. We will copy everything in the project to the container except the node_modules folder.

node_modules

15. sample-project should have 5 files like this

$ ls -la
total 40
drwxr-xr-x 8 pagorn staff 256 Sep 6 22:15 .
drwxr-xr-x 6 pagorn staff 192 Sep 6 23:13 ..
-rw-r--r-- 1 pagorn staff 12 Sep 6 22:15 .dockerignore
-rw-r--r-- 1 pagorn staff 385 Sep 6 22:38 Dockerfile
-rw-r--r-- 1 pagorn staff 75 Sep 6 21:51 index.js
drwxr-xr-x 3 pagorn staff 96 Sep 6 21:27 node_modules
-rw-r--r-- 1 pagorn staff 341 Sep 6 21:27 package-lock.json
-rw-r--r-- 1 pagorn staff 315 Sep 6 21:27 package.json

16. Build and run the container (if you are using PowerShell or the command line, please see the Tip below)

$ cd ~/sample-project
$ docker build --build-arg SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" -t sample-project .
$ docker run sample-project

17. You should get this message. It means we successfully installed the library from a private repository

This message is from the private library

18. That’s it 🎉 Enjoy!

Tip 💡

For Windows lovers: if you do this in PowerShell or the command line, try this

$ cd ~/sample-project
$key = cat ~/.ssh/id_ed25519
$key.replace(" OPENSSH PRIVATE KEY","_OPENSSH_PRIVATE_KEY").replace(" ", "\n").replace("_", " ")
$ docker build --build-arg SSH_PRIVATE_KEY=$key -t sample-project .
$ docker run sample-project

The purpose is to replace the whitespace with newline characters.
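
With the Dockerfile above, the private key stays in an image layer as ~/.ssh/id_ed25519, and the --build-arg value is visible to anyone who runs docker history on the image. The variant below is an added example, not part of the original post: it builds the same sample-project image using BuildKit SSH agent forwarding, so the key is never written into the image. It assumes Docker 18.09 or later with BuildKit enabled and the key loaded into a running ssh-agent on the host.

```dockerfile
# syntax=docker/dockerfile:1
# Added example: same sample-project image, built without copying the key in.
FROM node:14
WORKDIR /usr/src/app
COPY package*.json ./

# Record bitbucket.org's host key (same trust-on-first-use step as the original).
RUN mkdir -p -m 700 ~/.ssh && ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts

# The forwarded agent socket is mounted only while this RUN step executes.
# No ARG carries the key, and no key file is written to any layer.
RUN --mount=type=ssh npm install

COPY . .
CMD ["node", "index.js"]

# Build on the host (assumes the key is loaded into ssh-agent):
#   $ ssh-add ~/.ssh/id_ed25519
#   $ DOCKER_BUILDKIT=1 docker build --ssh default -t sample-project .
#   $ docker run sample-project
#
# Inspect the result for leaked key material:
#   $ docker history --no-trunc sample-project | grep "PRIVATE KEY"
```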
