Open in app

Sign in

Write

Sign in

Setting up an SSH Key for your containers using docker compose

The bellow assumes that you are using docker compose to orchestrate your applications.

Sieg
2 min readJan 3, 2022

When creating a docker image you would want to have all the necessary requirements to run your application. That would include package dependencies as well as other resources needed for your stack. Typically this is a straightforward process but when you add private repositories or packages in the mix you will need to make sure your containers have the necessary permissions to pull from these resources.

A common solution is to copy an existing SSH key (Bitbucket or GitHub for example) to your image during your image build in order for your application to pull from your private repositories within your container. The code bellow is an example of how it might look in your Dockerfile.

ARG SSH_PRIVATE_KEY
RUN mkdir ~/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
RUN chmod 600 ~/.ssh/id_rsa
RUN ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts

If you’re unfamiliar with creating SSH keys for your repositories here are links to the resources on how to.

Doing the above is a good solution but there are a some cons to this method.

  1. When setting up, each team member must do their own builds. If you’re pushing to docker hub this can be a redundant process. (don’t share your private keys folks)
  2. If for some reason you need to change your SSH key you will be forced to rebuild your images —
  3. and If you have multiple custom images that requires the same SSH key you would have to rebuild all of them.

Solution

An easier solution would be to utilize docker-compose and share your local private key to your container as a volume. The code bellow is an example of how to set this up

my_image:
 build:
     context: ./my-custom-build
     dockerfile: Dockerfile
 volumes:
     — ./:/var/www/html:delegated
     — ~/.ssh/id_rsa:/root/.ssh/id_rsa
 depends_on:
     — mongo
     — redis
 networks:
     — my_network
 ports:
     — ${PORT}:80

You can see in the above code that I am forwarding my local SSH key inside my container. This way every time I run a command that requires to pull from a private repository within my container it will reference my local SSH key and will have access to the resources without issue.

Conclusion

If your development process requires a dynamic way to add your SSH key or you have a custom docker build that takes too long to run every time, then adding your SSH key via this method is definitely good practice. And would allow you to not worry about maintaining a docker build with an SSH key that could potential become redundant.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Docker
Docker Compose
Ssh
Bitbucket
Github

--

--

Sieg
Sieg

Written by Sieg

5 Followers
2 Following

A Software Engineer who loves clean code and exploring new and fun technologies

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech