docs: Add password-protected SSH keys information

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
fluxcd · Jul 1, 2022 · 87fba45 · 87fba45
1 parent 0256704
commit 87fba45
Showing 1 changed file with 21 additions and 4 deletions.
diff --git a/docs/spec/v1beta2/gitrepositories.md b/docs/spec/v1beta2/gitrepositories.md
@@ -152,7 +152,7 @@ data:
 #### SSH authentication
 
 To authenticate towards a Git repository over SSH, the referenced Secret is
-expected to contain `.data.identity` and `known_hosts` fields. With the respective
+expected to contain `identity` and `known_hosts` fields. With the respective
 private key of the SSH key pair, and the host keys of the Git repository.
 
 ```yaml
@@ -162,11 +162,28 @@ kind: Secret
 metadata:
   name: ssh-credentials
 type: Opaque
-data:
-  identity: <BASE64>
-  known_hosts: <BASE64>
+stringData:
+  identity: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    ...
+    -----END OPENSSH PRIVATE KEY-----
+  known_hosts: |
+    github.com ecdsa-sha2-nistp256 AAAA...
+```
+
+Alternatively, the Flux CLI can be used to automatically create the
+secret, and also populate the known_hosts:
+
+```sh
+flux create secret git podinfo-auth \
+    --url=ssh://git@github.com/stefanprodan/podinfo \
+    --private-key-file=./identity
 ```
 
+For password-protected SSH private keys, the password must be provided
+via an additional `password` field in the secret. Flux CLI also supports
+this via the `--password` flag.
+
 ### Interval
 
 `.spec.interval` is a required field that specifies the interval at which the