Credential Type - Private Key
- Karl Henselin
- Chandresh Patel
The Private Key type was added in FlexDeploy 9.0.0.3. If you are running an earlier version, you can use an SSH Key credential instead for OAuth Email.
Configure Private Keys Within FlexDeploy
Private Key credentials support a private key file upload and have an optional input for a passphrase. FlexDeploy does not support downloading public key for such private key files. These credential can be configured for OAuth purposes where supported by underlying Integration. Additionally, they can be referenced in custom groovy scripts and workflows (see Referencing Private Key Values as Properties section for more information).
Input Name | Required | Description | Input Type |
|---|---|---|---|
Private Key | Yes | Private Key which will have its content stored in encrypted format. Most private key formats should work in FlexDeploy. The private key will not be tested at save time. | File |
Passphrase | No | Passphrase for accessing the Private key (optional, also stored in an encrypted format). | Text |
You can reference Private Key credential where supported. For example,
How to generate Private Key & Certificate
See example commands below to generate Private Key and Certificate. Adjust KEY_ALIAS and KEY_PASSWORD before running this. You will get two Private Key files (.pem extension) - with and without Passphrase. You will also get matching Certificate (.cer).
rm -rf ./generated
mkdir generated
cd generated
export KEY_ALIAS=FDOCI1
export KEY_PASSWORD=Welcome1
# Generate Private Key and Certificate with Passphrase
keytool -genkey -keyalg RSA -alias $KEY_ALIAS -keystore keystore.jks -storepass $KEY_PASSWORD -validity 365 -keysize 2048 -keypass $KEY_PASSWORD
# Export Certificate
# This Certificate can be uploaded for FlexDeploy Certificate type Credential
keytool -exportcert -alias $KEY_ALIAS -file ${KEY_ALIAS}.cer -keystore keystore.jks -storepass $KEY_PASSWORD -rfc
sed -i 's/\r//g' ${KEY_ALIAS}.cer
# Convert to Keystore to PKCS12 format and export Private Key file.
keytool -importkeystore -srckeystore keystore.jks -srcstorepass $KEY_PASSWORD -destkeystore keystore.p12 -deststoretype pkcs12 -destkeypass $KEY_PASSWORD -deststorepass $KEY_PASSWORD
# This Private Key can be uploaded to FlexDeploy Private Key type Credential along with Passphrase (set in KEY_PASSWORD on line 6 above)
openssl pkcs12 -in keystore.p12 -passin pass:$KEY_PASSWORD -passout pass:$KEY_PASSWORD -nocerts -out $KEY_ALIAS.pem
cd ..Referencing Private Key Values As Properties
A Private Key credential that is assigned to an encrypted property within FlexDeploy can be referenced for property replacement or groovy variables. In order to reference the private key, only the property code needs to be used. If you want to access the passphrase, then attach the suffix _PASSPHRASE (case sensitive) to the property code.
For example, we have an encrypted property on this workflow with the code PRIVATE_KEY.
We could have a step in our workflow to execute some sort of shell script that will make an SSH connection using the property configured on the project. Below is an example of referencing our property in a groovy script, but it would be similar for environment variables or property replacement within files. For accessing the private key then we would use the code PRIVATE_KEY. For accessing the passphrase, then it would be PRIVATE_KEY_PASSPHRASE. Note that if referencing the passphrase like this, it could fail if the actual value of the property during execution is not an Private Key-type credential.
Related content
- style