The global environment hook checks for these secrets files in the s3 secret bucket:
private_ssh_key
environment or env
git-credentials
The problem is that the environment hook is tied to having a private ssh key present in the secret bucket; otherwise it fails and exits the build. Hence the rest of the files (environment/env or git-credentials) aren't being checked.
I believe line 45 should only throw a warning message (remove the exit 1). The reason is that someone may choose to use git-credential for git over https rather than git over ssh.
In addition, in my case, due to security reasons, I can only pull the ssh key from the organisation's internal vault and do an ssh-add. Thus, the env script is more appropriate for me.
Perhaps, exit 1 at the end if none of the files exist would make more sense?
Thanks @avi-beetul, more than a year later but I think we agree. Pull request #32 proposes removing the exit 1 to make it a soft warning instead of a hard failure.
The check condition happens at this line - https://github.com/buildkite/elastic-ci-stack-s3-secrets-hooks/blob/master/hooks/environment#L45
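The behaviour proposed in this issue (warn for each missing file, fail only when none of them is present), sketched as an added example that is not the hook's own code. `secret_exists`, `check_secrets` and the bucket/prefix layout are assumptions, and the example goes one step beyond the issue by treating any non-404 error as a hard failure.

```bash
# Added example, not the hook's own code. File names come from the issue;
# secret_exists and check_secrets are hypothetical helpers.

# Probe one object. Returns 0 = present, 1 = absent (404), 2 = any other
# error (for example access denied), so a permissions problem is not
# silently treated as "file not there".
secret_exists() (
  err=$(aws s3api head-object --bucket "$1" --key "$2" 2>&1 >/dev/null) && exit 0
  case "$err" in
    *"(404)"*) exit 1 ;;
    *) exit 2 ;;
  esac
)

# check_secrets BUCKET PREFIX
# Prints each key that exists on stdout and a warning per missing key on
# stderr. Exit status: 0 if at least one file exists, 1 if none exist,
# 2 if a lookup failed for a reason other than "not found".
check_secrets() (
  bucket=$1 prefix=$2 found=0
  for key in private_ssh_key environment env git-credentials; do
    path=${prefix:+$prefix/}$key
    rc=0
    secret_exists "$bucket" "$path" || rc=$?
    case "$rc" in
      0) echo "$path"; found=$((found + 1)) ;;
      1) echo "warning: s3://$bucket/$path not found, skipping" >&2 ;;
      *) echo "error: could not check s3://$bucket/$path" >&2; exit 2 ;;
    esac
  done
  if [ "$found" -eq 0 ]; then
    echo "error: no secrets files found in s3://$bucket/$prefix" >&2
    exit 1
  fi
)
```
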