From f0a35422cdc9927c5f2c3fa374ffda964975fed5 Mon Sep 17 00:00:00 2001
From: Daniel van Gils
Date: Mon, 17 Oct 2016 17:42:09 +0100
Subject: [PATCH] adding security example
---
 examples/build.yml | 2 +-
 examples/security/Dockerfile | 12 ++++++++++++
 examples/security/README.md | 2 ++
 examples/security/build.yml | 10 ++++++++++
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 examples/security/Dockerfile
 create mode 100644 examples/security/README.md
 create mode 100644 examples/security/build.yml
diff --git a/examples/build.yml b/examples/build.yml
index 9e75d27..c730d3b 100644
--- a/examples/build.yml
+++ b/examples/build.yml
@@ -1,5 +1,5 @@
 build:
- version: 2016-02-13 // version of the build schema.
+ version: 2016-02-14 // version of the build schema.
 steps:
 - builder:
 name: builder
diff --git a/examples/security/Dockerfile b/examples/security/Dockerfile
new file mode 100644
index 0000000..40b5b18
--- /dev/null
+++ b/examples/security/Dockerfile
@@ -0,0 +1,12 @@
+FROM ubuntu
+RUN apt-get update && apt-get install -y wget openssh-client
+
+# add the authorized host key for github (avoids "Host key verification failed")
+RUN mkdir ~/.ssh && ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
+
+ARG host
+ENV PRIVATE_KEY /root/.ssh/id_rsa
+RUN wget -O $PRIVATE_KEY http://$host:8080/v1/secrets/file/id_rsa \
+&& chmod 0600 $PRIVATE_KEY \
+&& ssh -T git@github.com \
+&& rm $PRIVATE_KEY
\ No newline at end of file
diff --git a/examples/security/README.md b/examples/security/README.md
new file mode 100644
index 0000000..163cba4
--- /dev/null
+++ b/examples/security/README.md
@@ -0,0 +1,2 @@
+Run this example using secrets
+`habitus -env host=[ip of habitus endpoint] --host unix:///var/run/docker.sock --binding=0.0.0.0`
\ No newline at end of file
diff --git a/examples/security/build.yml b/examples/security/build.yml
new file mode 100644
index 0000000..a5db39a
--- /dev/null
+++ b/examples/security/build.yml
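Review bot: In examples/security/Dockerfile the closing `rm $PRIVATE_KEY` runs only if every earlier command in the `&&` chain succeeds, so a failing step leaves the private key on disk in the failed step's container, which the classic builder typically keeps on the host unless `--force-rm` is given. `ssh -T git@github.com` normally exits non-zero even after a successful login, so that is likely the common path here. Making the cleanup unconditional with an `EXIT` trap, as below, closes that gap. The example should also carry comments saying that the key is fetched over unauthenticated plain `http://`, and that `ssh-keyscan` records whatever host key is returned at build time without comparing it to GitHub's published fingerprint, so "authorized host key" overstates what is verified.

```dockerfile
# … unchanged: FROM, apt-get install, ssh-keyscan, ARG host …
ENV PRIVATE_KEY /root/.ssh/id_rsa
# Remove the key on every exit path, not only after a fully successful chain.
RUN set -e; \
    trap 'rm -f "$PRIVATE_KEY"' EXIT; \
    wget -O "$PRIVATE_KEY" "http://$host:8080/v1/secrets/file/id_rsa"; \
    chmod 0600 "$PRIVATE_KEY"; \
    ssh -T git@github.com
```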
@@ -0,0 +1,10 @@
+build:
+version: 2016-03-14
+steps:
+ builder:
+ name: builder
+ dockerfile: Dockerfile
+ secrets:
+ id_rsa:
+ type: file
+ value: _env(HOME)/.ssh/id_rsa
\ No newline at end of file
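Review bot: The secret's `value: _env(HOME)/.ssh/id_rsa` hands the build the developer's default personal SSH key, which usually grants far more access than a single build needs. Since this is an example people will copy, it would be safer to point at a dedicated read-only deploy key, e.g. `value: _env(HOME)/.ssh/<deploy-key-file>` (placeholder name), with a comment explaining why. Separately, `version:` and `steps:` appear at column 0 beside `build:` instead of nested under it as in examples/build.yml; the whitespace on this page is collapsed, so please confirm the nesting in the actual file.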