Merge pull request #1404 from fluxcd/private-key-password

fluxcd · May 10, 2021 · 99bdb20 · 99bdb20
2 parents 12ea028 + fbe7050
commit 99bdb20
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go
@@ -30,6 +30,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+	cryptossh "golang.org/x/crypto/ssh"
 	corev1 "k8s.io/api/core/v1"
 
 	"github.com/fluxcd/flux2/internal/bootstrap"
@@ -232,7 +233,20 @@ func transportForURL(u *url.URL) (transport.AuthMethod, error) {
 		}, nil
 	case "ssh":
 		if bootstrapArgs.privateKeyFile != "" {
-			return ssh.NewPublicKeysFromFile(u.User.Username(), bootstrapArgs.privateKeyFile, gitArgs.password)
+			// TODO(hidde): replace custom logic with https://github.com/go-git/go-git/pull/298
+			//  once made available in go-git release.
+			bytes, err := ioutil.ReadFile(bootstrapArgs.privateKeyFile)
+			if err != nil {
+				return nil, err
+			}
+			signer, err := cryptossh.ParsePrivateKey(bytes)
+			if _, ok := err.(*cryptossh.PassphraseMissingError); ok {
+				signer, err = cryptossh.ParsePrivateKeyWithPassphrase(bytes, []byte(gitArgs.password))
+			}
+			if err != nil {
+				return nil, err
+			}
+			return &ssh.PublicKeys{Signer: signer, User: u.User.Username()}, nil
 		}
 		return nil, nil
 	default: