caktus / tequila-common

Ansible role for setting up users, keys, directories, and a firewall for a Django server
BSD 3-Clause "New" or "Revised" License

Add support for setting the project user's private key #14

Closed copelco closed 6 years ago

copelco commented 6 years ago

GitHub deploy keys only grant access to a single repository. Sometimes a project may require access to several different private GitHub repos, for example, if a pip requirements file references several private Git repos. GitHub suggests using a Machine User in this scenario.

This PR proposes to allow specification of the project user's private SSH key from Ansible Vault. Then any git pull (whether invoked directly by git or within pip) will use this SSH key.
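
A sketch of the approach the description above proposes, as an added example that is not code from this PR or from tequila-common. The variable names `project_user` and `vault_project_user_ssh_key`, the `/home/...` path and the `id_rsa` file name are assumptions; the key is taken to belong to a dedicated machine user rather than to a developer.

```yaml
# Added example: hypothetical tasks, not the role's own.
# Assumed variables:
#   project_user               - account that runs git and pip on the server
#   vault_project_user_ssh_key - private key text, kept in a file encrypted
#                                with ansible-vault
- name: Ensure the project user's .ssh directory exists
  ansible.builtin.file:
    path: "/home/{{ project_user }}/.ssh"
    state: directory
    owner: "{{ project_user }}"
    group: "{{ project_user }}"
    mode: "0700"

- name: Install the machine user's private key from the vault
  ansible.builtin.copy:
    content: "{{ vault_project_user_ssh_key }}"
    dest: "/home/{{ project_user }}/.ssh/id_rsa"
    owner: "{{ project_user }}"
    group: "{{ project_user }}"
    mode: "0600"        # ssh refuses private keys readable by group or others
  no_log: true          # keep the key material out of task output and logs
  when: vault_project_user_ssh_key is defined
```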

dpoirier commented 6 years ago

It makes me uneasy to distribute my private key to any server I deploy to. Also, if devs are following our security policy, we'll have passphrases set on our key files and this won't work.

I'm wondering about instead trying to get agent forwarding to work, as mentioned here https://www.calazan.com/using-ssh-agent-forwarding-with-ansible/. I'm going to see how hard that is.

copelco commented 6 years ago

Agreed - I think #15 handles this better