wandera / git2kube

Simple tool for syncing Git repository with K8s ConfigMap or Secret
MIT License

Cannot decode encrypted private keys #15

Open ninhdhx opened 6 years ago

ninhdhx commented 6 years ago

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D7C72273BE168626E5B2D1BC72E56326
...
-----END RSA PRIVATE KEY-----

coufalja commented 6 years ago

Could you please elaborate on this a little bit more?

ninhdhx commented 6 years ago

K8s manifest

args:
          - 'watch'
          - 'configmap'
          - '--configmap=config'
          - '--namespace=config'
          - '--branch=master'
          - '--git=git@gitlab.com:path/to/private/repo.git'
          - '--interval=30'
          - '--ssh-key=/home/.ssh/id_rsa'

Error log:

Error: Couldn't parse SSH key: ssh: cannot decode encrypted private keys
Usage:
  git2kube watch configmap [flags]

Flags:
      --annotation strings   annotation to add to K8s ConfigMap (format NAME=VALUE)
  -m, --configmap string     name for the resulting ConfigMap
  -h, --help                 help for configmap
  -k, --kubeconfig           true if locally stored ~/.kube/config should be used, InCluster config will be used if false (options: true|false) (default: false)
      --label strings        label to add to K8s ConfigMap (format NAME=VALUE)
      --merge-type string    how to merge ConfigMap data whether to also delete missing values or just upsert new (options: delete|upsert) (default "delete")
  -n, --namespace string     target namespace for the resulting ConfigMap (default "default")

Global Flags:
  -b, --branch string             branch name to pull (default "master")
  -c, --cache-folder string       destination on filesystem where cache of repository will be stored (default "/tmp/git2kube/data/")
      --exclude strings           regex that if is a match excludes the file from the upload, example: '*.yaml' or 'folder/*' if you want to match a folder (default [^\..*])
  -g, --git string                git repository address, either http(s) or ssh protocol has to be specified
      --healthcheck-file string   path to file where each refresh writes if it was successful or not, useful for K8s liveness/readiness probe
      --include strings           regex that if is a match includes the file in the upload, example: '*.yaml' or 'folder/*' if you want to match a folder (default [.*])
  -i, --interval int              interval in seconds in which to try refreshing ConfigMap from git (default 10)
  -l, --log-level string          command log level (options: [panic fatal error warning info debug]) (default "info")
  -p, --ssh-key string            path to the SSH private key (git repository address should be 'git@<address>', example: git@github.com:WanderaOrg/git2kube.git)

time="2018-09-07T06:13:51Z" level=error msg="Command failed: Couldn't parse SSH key: ssh: cannot decode encrypted private keys"

I suppose if we have a DER block with an RSA private key, we have to use x509.ParsePKCS1PrivateKey to parse the key.
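The parsing step discussed in this thread, as an added Go example that is not part of the issue or of git2kube's code: it detects the `Proc-Type: 4,ENCRYPTED` header, decrypts the legacy PEM block with a passphrase, and only then calls `x509.ParsePKCS1PrivateKey`. `ParseRSAKey`, `ErrPassphraseRequired` and `EncryptedSampleKey` are hypothetical names, the passphrase source is an assumption, and the sample key is constructed at run time.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

var ErrPassphraseRequired = errors.New("private key is encrypted: passphrase required") // example-only sentinel

// ParseRSAKey (hypothetical helper) parses a legacy "RSA PRIVATE KEY" PEM block.
// The x509 legacy-PEM helpers are deprecated: RFC 1423 encryption is unauthenticated.
func ParseRSAKey(pemBytes, passphrase []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return nil, errors.New("expected an RSA PRIVATE KEY PEM block")
	}
	if !x509.IsEncryptedPEMBlock(block) { // no Proc-Type: 4,ENCRYPTED header
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	}
	if len(passphrase) == 0 {
		return nil, ErrPassphraseRequired // clear error instead of a parse failure
	}
	der, err := x509.DecryptPEMBlock(block, passphrase)
	if err != nil {
		return nil, fmt.Errorf("decrypt private key: %w", err)
	}
	return x509.ParsePKCS1PrivateKey(der) // decrypted bytes are PKCS#1 DER
}

// EncryptedSampleKey builds a constructed throwaway key in the AES-128-CBC legacy format.
func EncryptedSampleKey(passphrase []byte) ([]byte, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(key), passphrase, x509.PEMCipherAES128)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(block), key, nil
}

func main() {
	pemBytes, _, _ := EncryptedSampleKey([]byte("constructed-passphrase"))
	fmt.Println(ParseRSAKey(pemBytes, nil))
}
```

When the goal is an SSH signer rather than a raw RSA key, `golang.org/x/crypto/ssh` also provides `ParsePrivateKeyWithPassphrase`.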