Need a way to pass array of keys instead of one #7

Comments

@kalekseev

No description provided.

@mpdude
Member

mpdude commented Nov 2, 2019

@kalekseev do you have an example for an action that takes array arguments?

@webknjaz

webknjaz commented Jan 3, 2020

Maybe dump all the keys into one var and since they have delimiters anyway it'd be easy to split those inside of the action.

@mpdude
Member

mpdude commented Jan 3, 2020

Have you tried putting multiple keys into the secret at once? Maybe ssh-add can handle that out of the box?

@webknjaz

webknjaz commented Jan 3, 2020

One secret can be 64 KB max: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#limits-for-secrets.

I tried `cat key1 key2 key3 | ssh-add -` and it only added one key there. So I guess it doesn't support it out of the box.

@bradmartin

Believe I'm also facing a similar issue. Although, I'm no expert on SSH and how this process is working under the hood.

I have 3 private repos that are needed to build a project with. I had one of them configured and everything was working well. However, I can't reuse the key on the 2 remaining private repos since it's already in use as a Deploy Key.

Maybe I'm going about the SSH key approach wrong though 🤔. Would being able to pass different secret keys fix this by being able to pull the remaining private repos? I'm looking into the machine user approach also, which mentions ONE key being needed; however, I haven't tested that so I cannot confirm if that will work or not.

@webknjaz

@mpdude an alternative way to implement this would be to publish the SSH agent socket and have end-users pass it as an input, invoking this action multiple times in a row. The action would need to be changed to skip starting the new agent then.

@bradmartin a workaround for you would be to do something like "ssh-add - <<< ${{ secrets.YOUR_OTHER_KEY }}" manually.

@bradmartin

Thank you for that @webknjaz - I will try that soon today 👍

@mpdude
Member

mpdude commented Jan 10, 2020

@webknjaz Do you think 64KB is a limit of practical relevance?

Thinking about splitting the key/secret at some marker in JavaScript, then passing each one to the agent.

@mpdude
Member

mpdude commented Jan 10, 2020

Please give #14 a try and leave a note over there if it works for you.

@webknjaz

> Do you think 64KB is a limit of practical relevance?

You can fit 16-18 4096-bit keys so yes, it's totally fine.

> Thinking about splitting the key/secret at some marker in JavaScript, then passing each one to the agent.

No need. Each key starts with `-----BEGIN OPENSSH PRIVATE KEY-----` on a separate line and ends with `-----END OPENSSH PRIVATE KEY-----` on a separate line. So all you need to do is use these markers. Extra markers would only consume (waste) space in the var.

> Please give #14 a try and leave a note over there if it works for you.

We've migrated away from using pre-defined keys recently so you'll have to wait for somebody else to test it. But I'll try to leave a code review there.

@mpdude
Member

mpdude commented Jan 10, 2020

Yeah, my intention was to use `-----BEGIN` as the marker, see over at #14.

@webknjaz

> see over at #14.

Yep, already noticed

@mpdude
Member

mpdude commented Jan 14, 2020

Implemented in #14.

@mpdude mpdude closed this as completed Jan 14, 2020
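
The approach discussed in this thread (one secret holding several keys, split at the BEGIN/END marker lines, each key passed to `ssh-add -` separately), as an added example that is not the code from #14 or from the action itself. It goes slightly beyond the thread by accepting any `... PRIVATE KEY` PEM label and rejecting malformed bundles; `splitPrivateKeys`, `addKeys`, `sshAdd` and `SAMPLE` are hypothetical names, and the sample key bodies are constructed placeholders.

```javascript
// Added example (not the action's own code). Names are hypothetical.
const BEGIN = /^-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----$/;
// Split one secret holding several concatenated PEM private keys into blocks.
// Throws on a malformed bundle instead of guessing where a key ends.
function splitPrivateKeys(secret) {
  const keys = [];
  let label = null;
  let block = [];
  for (const raw of secret.replace(/\r\n/g, '\n').split('\n')) {
    const line = raw.trimEnd();
    const begin = BEGIN.exec(line);
    if (begin) {
      if (label) throw new Error('BEGIN marker inside an open key block');
      label = begin[1];
      block = [line];
    } else if (label) {
      block.push(line);
      if (line === `-----END ${label}-----`) {
        keys.push(block.join('\n') + '\n'); // keep a newline after END
        label = null;
      } else if (line.startsWith('-----END ')) {
        throw new Error('END marker does not match BEGIN marker');
      }
    } else if (line !== '') {
      throw new Error('unexpected text outside a key block');
    }
  }
  if (label) throw new Error('key block is missing its END marker');
  return keys;
}

// Default runner: pipe one key to `ssh-add -` on stdin (needs a running agent).
const sshAdd = (key) =>
  require('node:child_process').execFileSync('ssh-add', ['-'], { input: key });

// Add every key in the secret; `run` is injectable for testing without an agent.
function addKeys(secret, run = sshAdd) {
  const keys = splitPrivateKeys(secret);
  keys.forEach((key) => run(key));
  return keys.length; // report a count only, never key material
}

// Constructed sample input: placeholder bodies, not real keys.
const SAMPLE = [
  '-----BEGIN OPENSSH PRIVATE KEY-----', 'Y29uc3RydWN0ZWQtMQ==',
  '-----END OPENSSH PRIVATE KEY-----', '',
  '-----BEGIN RSA PRIVATE KEY-----', 'Y29uc3RydWN0ZWQtMg==',
  '-----END RSA PRIVATE KEY-----', '',
].join('\r\n');
```

The error messages name the structural problem only, so a malformed secret never ends up echoed into the workflow log.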
cardoe added a commit to cardoe/ssh-agent that referenced this issue Mar 2, 2023
…/actions/checkout-3

Bump actions/checkout from 2 to 3