{"id":36487374,"url":"https://github.com/mdsol/docker-ssh-exec","last_synced_at":"2026-01-12T01:52:39.860Z","repository":{"id":137216621,"uuid":"45047252","full_name":"mdsol/docker-ssh-exec","owner":"mdsol","description":"Secure SSH key injection for Docker builds","archived":false,"fork":false,"pushed_at":"2022-01-18T09:17:49.000Z","size":15,"stargazers_count":89,"open_issues_count":5,"forks_count":13,"subscribers_count":436,"default_branch":"master","last_synced_at":"2024-06-20T02:00:23.908Z","etag":null,"topics":["patient-mgmt"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mdsol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-10-27T14:39:55.000Z","updated_at":"2024-01-03T14:12:56.000Z","dependencies_parsed_at":"2023-07-06T12:00:24.857Z","dependency_job_id":null,"html_url":"https://github.com/mdsol/docker-ssh-exec","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/mdsol/docker-ssh-exec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdsol%2Fdocker-ssh-exec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdsol%2Fdocker-ssh-exec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdsol%2Fdocker-ssh-exec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdsol%2Fdocker-ssh-exec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mdsol","download_url":"https
://codeload.github.com/mdsol/docker-ssh-exec/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdsol%2Fdocker-ssh-exec/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28331260,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"ssl_error","status_checked_at":"2026-01-12T00:36:15.229Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["patient-mgmt"],"created_at":"2026-01-12T01:52:39.806Z","updated_at":"2026-01-12T01:52:39.854Z","avatar_url":"https://github.com/mdsol.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"docker-ssh-exec - Secure SSH key injection for Docker builds\n================\nAllows commands that require an SSH key to be run from within a `Dockerfile`, without leaving the key in the resulting image.\n\n----------------\nOverview\n----------------\nThis program runs in two different modes:\n\n* a server mode, run as the Docker image `mdsol/docker-ssh-exec`, which transmits an SSH key on request to the client; and\n* a client mode, invoked from within the `Dockerfile`, that grabs the key from the server, writes it to the filesystem, runs the desired build command, and then *deletes the key* before the filesystem is snapshotted into the 
build.\n\n----------------\nInstallation\n----------------\nTo install the server, just pull `mdsol/docker-ssh-exec` like any other Docker image.\n\nTo install the client, just grab it from the [releases page][1], uncompress the archive, and copy the binary to somewhere in your `$PATH`. Remember that the client is run during the `docker build...` process, so either install the client just before invoking it, or make sure it's already present in your source image. Here's an example of the code you might run in your source image, to prepare it for SSH cloning from GitHub:\n\n    # install Medidata docker-ssh-exec build tool from S3 bucket \"mybucket\"\n    curl https://s3.amazonaws.com/mybucket/docker-ssh-exec/\\\n    docker-ssh-exec_0.5.1_linux_amd64.tar.gz | \\\n      tar -xz --strip-components=1 -C /usr/local/bin \\\n      docker-ssh-exec_0.5.1_linux_amd64/docker-ssh-exec\n    mkdir -p /root/.ssh \u0026\u0026 chmod 0700 /root/.ssh\n    ssh-keyscan github.com \u003e/root/.ssh/known_hosts\n\n\n----------------\nUsage\n----------------\nTo run the server component, pass it the private half of your SSH key, either as a shared volume:\n\n    docker run -v ~/.ssh/id_rsa:/root/.ssh/id_rsa --name=keyserver -d \\\n      mdsol/docker-ssh-exec -server\n\nor as an ENV var:\n\n    docker run -e DOCKER-SSH-KEY=\"$(cat ~/.ssh/id_rsa)\" --name=keyserver -d \\\n      mdsol/docker-ssh-exec -server\n\nThe benefit of this second method is that OS X systems using a virtual Docker host cannot easily use Docker's shared volume feature with files on the OS X side. 
The drawback is that the key data is exposed in the process list.\n\nThen, run a quick test of the client, to make sure it can get the key:\n\n    docker run --rm -it mdsol/docker-ssh-exec cat /root/.ssh/id_rsa\n\nFinally, as long as the source image is set up to trust (or ignore) GitHub's server key, you can clone private repositories from within the `Dockerfile` like this:\n\n    docker-ssh-exec git clone git@github.com:my_user/my_private_repo.git\n\nThe client first transfers the key from the server, writing it to `$HOME/.ssh/id_rsa` (by default), then executes whatever command you supply as arguments. Before exiting, it deletes the key from the filesystem.\n\nHere's the command-line help:\n\n    Usage of docker-ssh-exec:\n      -key string\n          path to key file (default \"~/.ssh/id_rsa\")\n      -port int\n          server receiving port (default 1067)\n      -pwd string\n          password for encrypted RSA key\n      -server\n          run key server instead of command\n      -version\n          print version and exit\n      -wait int\n          client timeout, in seconds (default 3)\n\nThe software quits with a non-zero exit code (\u003e100) on any error -- except a timeout from the keyserver, in which case it will just ignore the timeout and try to run the build command anyway. If the build command fails, `docker-ssh-exec` returns the exit code of the failed command.\n\n\n----------------\nKnown Limitations / Bugs\n----------------\nThe key data is limited to 4096 bytes.\n\nOn macOS 10.14 or later, the default format of `ssh-keygen` will produce\nan \"OpenSSH private key\" ([reference][2]). 
For example:\n\n```\n$ ssh-keygen -t rsa -b 4096 -C \"...@email.com\" -f ~/.ssh/before_rsa\nGenerating public/private rsa key pair.\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved in ${HOME}/.ssh/before_rsa.\nYour public key has been saved in ${HOME}/.ssh/before_rsa.pub.\nThe key fingerprint is:\n...\n$ head -2 ~/.ssh/before_rsa\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZOJlIwH\n```\n\nTo use a passphrase, this library requires an actual \"RSA private key\".\nTo make `ssh-keygen` produce one, use the `-m` (key format) flag:\n\n```\n$ ssh-keygen -t rsa -b 4096 -C \"...@email.com\" -f ~/.ssh/after_rsa -m PEM\n...\n$ head -5 ~/.ssh/after_rsa\n-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,70B1F7ECFCC66C9DF073996B92D3C01E\n\nGNhm2zcN6oz+K9yZimDMx6w5PD+mDz7ylVulz+PnYVP5TVs4yZuVZF3GGlu/NYZ1\n```\n\n----------------\nContribution / Development\n----------------\nThis software was created by Benton Roberts _(broberts@mdsol.com)_\n\nTo build it yourself, just `go get` and `go install` as usual:\n\n    go get github.com/mdsol/docker-ssh-exec\n    cd $GOPATH/src/github.com/mdsol/docker-ssh-exec\n    go install\n\n\n--------\n[1]: https://github.com/mdsol/docker-ssh-exec/releases\n[2]: https://serverfault.com/q/939909/167925\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdsol%2Fdocker-ssh-exec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmdsol%2Fdocker-ssh-exec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdsol%2Fdocker-ssh-exec/lists"}