5

I am building a CI/CD for my Django project using GitLab. As part of my deploy stage, I have:

deploy:
  stage: deploy
  script:
    - mkdir -p ~/.ssh
    - echo "$PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
    - cat ~/.ssh/id_rsa
    - chmod 700 ~/.ssh/id_rsa
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts
    - chmod +x ./deploy.sh
    - scp  -o StrictHostKeyChecking=no -r ./.env ./docker-compose.prod.yml ec2-user@$EC2_PUBLIC_IP_ADDRESS:/home/ec2-user/app
    - bash ./deploy.sh
  only:
    - master

The build breaks down at ssh-add ~/.ssh/id_rsa with the error message Error loading key "/root/.ssh/id_rsa": invalid format.

I have checked people with questions with similar error messages and none seem related to what I am doing.

Notes

  1. I am trying to deploy to Amazon EC2.
  2. I am following this tutorial https://testdriven.io/blog/deploying-django-to-ec2-with-docker-and-gitlab/ and everything seems to work fine up until this last point.
theSekyi
  • Did you set the PRIVATE_KEY variable to file or var? Could you paste the output of echo $PRIVATE_KEY, masking the value? – Sergio Tanaka May 26 '20 at 16:34
  • Nothing is displayed – theSekyi May 26 '20 at 17:19
  • Where is `PRIVATE_KEY` being set? – Dennis Traub May 26 '20 at 17:21
  • I added it to my environment variables in gitlab. I can now see the exact content of my `PRIVATE_KEY`. Something along the lines of ``` -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA0jvxojw/f4fiyK3nvnWQagJ+nnTW+IeruETOsePsmGOpbM/V +yxK6kNccbovqqJm9Up6/VWHxzwu13Kya6kgMmk+MPAuvgdAnIeOXS5K2OQgGg6Y J933x/awBdoahQHFD5rPRfLBQ3NTU90fpClWtr8+NdZJeDBatVS/b/yjMX9idhGV xZaCJfbxAK9auwH1EAUoUAWqLYi5G/vcHSUnFv3jJRy0jg3Q2Ff+fwnbKtAAd81R .... 5DLOwRuU/hb8oatgzRGTGvx3PBKqO7xe+B7JVpJFgkJ3D6ZCWBN+g== -----END RSA PRIVATE KEY----- ``` This value is masked for obvious reasons – theSekyi May 26 '20 at 20:22
  • which executor are you using? docker or kubernetes? – Sergio Tanaka May 28 '20 at 13:10
  • I am using Docker – theSekyi May 28 '20 at 16:46

2 Answers

3

I faced this issue; the error was "Error loading key "/root/.ssh/id_rsa": invalid format". It was due to a protected variable, which is only applied on protected branches. I mean to say that if you use a protected variable on an unprotected branch, it will not recognize the variable and thus fails.


Vaseem007
1

I managed to fix it with the help of the guys from the ##aws IRC channel.

The Problem

I generated a PKCS#1 key format instead of a PKCS#8 format. The PKCS#1 is represented as:

-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----

The PKCS#8 is represented as:

-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

Solution

I simply copied the PRIVATE KEY and converted it here https://decoder.link/rsa_converter

You can also see a better elucidation here Differences between "BEGIN RSA PRIVATE KEY" and "BEGIN PRIVATE KEY"

Edited: As indicated below, it is not a good idea to use websites to do the conversion, especially when your private key is likely being sent to their servers. Instead, do the conversion locally as indicated here by @csgeek.

theSekyi
  • 4
    Probably worth noting that that site sends your private key to its servers. I would recommend not using a website like that to convert your private key. – will Nov 27 '20 at 21:53
  • 2
    This is a better local pattern: https://gist.github.com/gtaban/410db2351e52ae36a2a636f3cc6f86ac – csgeek Feb 27 '21 at 05:40
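
The causes raised in this thread (a variable that is empty in the job, a File-type variable, a key whose line breaks were lost on paste, and the PEM header type) can be told apart in the job itself without printing the key to the job log, which `cat ~/.ssh/id_rsa` does. This is an added example, not code from any of the posts above; the function names `diagnose_key` and `install_key` are hypothetical and the sample key is a constructed placeholder.

```shell
#!/bin/sh
# diagnose_key VALUE: print one word for the state of VALUE; non-zero if unusable.
# The key material itself is never echoed.
diagnose_key() {
    key=$(printf '%s' "$1" | tr -d '\r')   # drop CRs, as the job's tr -d '\r' does
    if [ -z "$key" ]; then
        echo "empty"       # variable not exposed to this job (e.g. protected variable)
        return 1
    fi
    if [ -f "$key" ]; then
        echo "file-path"   # File-type variable: the value is a path, not the key
        return 1
    fi
    first=$(printf '%s\n' "$key" | head -n 1)
    last=$(printf '%s\n' "$key" | tail -n 1)
    case $first in
        "-----BEGIN RSA PRIVATE KEY-----")     kind=pkcs1;   label="RSA PRIVATE KEY" ;;
        "-----BEGIN PRIVATE KEY-----")         kind=pkcs8;   label="PRIVATE KEY" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") kind=openssh; label="OPENSSH PRIVATE KEY" ;;
        "-----BEGIN "*"-----END "*)
            echo "flattened"   # line breaks were replaced by spaces when pasted
            return 1 ;;
        *)
            echo "not-pem"
            return 1 ;;
    esac
    if [ "$last" != "-----END $label-----" ]; then
        echo "truncated"       # footer missing or not matching the header
        return 1
    fi
    echo "$kind"
}

# install_key VALUE DEST: write a usable key to DEST, mode 600, one trailing newline.
install_key() {
    diagnose_key "$1" >/dev/null || return 1
    ( umask 077 && printf '%s\n' "$(printf '%s' "$1" | tr -d '\r')" > "$2" ) && chmod 600 "$2"
}

# Constructed sample in the PKCS#1 layout shown above (placeholder body, not a real key).
sample='-----BEGIN RSA PRIVATE KEY-----
BASE64 ENCODED DATA
-----END RSA PRIVATE KEY-----'
echo "constructed sample -> $(diagnose_key "$sample")"
```

In a job, `diagnose_key "$PRIVATE_KEY" || exit 1` placed before `ssh-add` fails the job with a one-word reason instead of the generic "invalid format" message.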