Versions Compared

Version Old Version 1 New Version Current
Changes made by

Karl Henselin

Chandresh Patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Private Key credentials support a private key file upload and have an optional input for a passphrase. You will be able to download the public key based on the private key that is uploaded if it is an OpenSSH key. These credentials FlexDeploy does not support downloading public key for such private key files. These credential can be configured for OAuth purposes where supported by underlying Integration. Additionally, they can be referenced in custom groovy scripts and workflows (see Referencing Private Key Values as Properties section for more information).

  •  update this screenshot.

...

Input Name

Required

Description

Input Type

Required

Private Key

Yes

Private Key which will have its content stored in encrypted format. Most private key formats should work in FlexDeploy. The private key will not be tested at save time.

File

Yes

Passphrase

Passphrase

No

Passphrase for accessing the Private key (optional, also stored in an encrypted format).

Text

No

You can reference Private Key credential where supported. For example,

...

How to generate Private Key & Certificate

See example commands below to generate Private Key and Certificate. Adjust KEY_ALIAS and KEY_PASSWORD before running this. You will get two Private Key files (.pem extension) - with and without Passphrase. You will also get matching Certificate (.cer).

Code Block
languagebash
rm -rf ./generated
mkdir generated
cd generated

export KEY_ALIAS=FDOCI1
export KEY_PASSWORD=Welcome1

# Generate Private Key and Certificate with Passphrase 
keytool -genkey -keyalg RSA -alias $KEY_ALIAS -keystore keystore.jks -storepass $KEY_PASSWORD -validity 365 -keysize 2048 -keypass $KEY_PASSWORD

# Export Certificate
# This Certificate can be uploaded for FlexDeploy Certificate type Credential
keytool -exportcert -alias $KEY_ALIAS -file ${KEY_ALIAS}.cer -keystore keystore.jks -storepass $KEY_PASSWORD -rfc
sed -i 's/\r//g' ${KEY_ALIAS}.cer

# Convert to Keystore to PKCS12 format and export Private Key file.
keytool -importkeystore -srckeystore keystore.jks -srcstorepass $KEY_PASSWORD -destkeystore keystore.p12 -deststoretype pkcs12 -destkeypass $KEY_PASSWORD -deststorepass $KEY_PASSWORD

# This Private Key can be uploaded to FlexDeploy Private Key type Credential along with Passphrase (set in KEY_PASSWORD on line 6 above)
openssl pkcs12 -in keystore.p12 -passin pass:$KEY_PASSWORD -passout pass:$KEY_PASSWORD -nocerts -out $KEY_ALIAS.pem

cd ..

Referencing Private Key Values As Properties

...

We could have a step in our workflow to execute some sort of shell script that will make an SSH connection using the property configured on the project. Below is an example of referencing our property in a groovy script, but it would be similar for environment variables or property replacement within files. For accessing the private key then we would use the code PRIVATE_KEY. For accessing the passphrase, then it would be PRIVATE_KEY_PASSPHRASE. Note that if referencing the passphrase like this, it could fail if the actual value of the property during execution is not an Private Key-type credential.

...

Groovy Functions

...