Skip to content

Commit 9e5c1c7

Browse files
authored
Point to blog post explaining how to use multiple GitHub deploy keys
1 parent ef0ce0c commit 9e5c1c7

File tree

1 file changed

+7
-3
lines changed

1 file changed

+7
-3
lines changed

README.md

+7-3
Original file line numberDiff line numberDiff line change
@@ -38,9 +38,9 @@ jobs:
3838

3939
### Using multiple keys
4040

41-
There are cases where you might need to use multiple keys. For example, "deployment keys" might be limited to a single repository each.
41+
There are cases where you might need to use multiple keys. For example, "[deploy keys](https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys)" might be limited to a single repository, so you'll need several of them.
4242

43-
In that case, you can set-up the different keys as multiple secrets and pass them all to the action like so:
43+
You can set up different keys as different secrets and pass them all to the action like so:
4444

4545
```yaml
4646
# ... contens as before
@@ -55,7 +55,11 @@ In that case, you can set-up the different keys as multiple secrets and pass the
5555
The `ssh-agent` will load all of the keys and try each one in order when establishing SSH connections.
5656

5757
There's one **caveat**, though: SSH servers may abort the connection attempt after a number of mismatching keys have been presented. So if, for example, you have
58-
six different keys loaded into the `ssh-agent`, but the server aborts after five unknown keys, the last key (which might be the right one) will never even be tried. If you don't need all of the keys at the same time, you could try to `run: kill $SSH_AGENT_PID` to kill the currently running `ssh-agent` and use the action again in a following step to start another instance.
58+
six different keys loaded into the `ssh-agent`, but the server aborts after five unknown keys, the last key (which might be the right one) will never even be tried.
59+
60+
Also, when using **Github deploy keys**, GitHub servers will accept the first known key. But since deploy keys are scoped to a single repository, you might get the error message `fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.` if the wrong key/repository combination is tried.
61+
62+
In both cases, you might want to [try a wrapper script around `ssh`](https://gist.github.com/mpdude/e56fcae5bc541b95187fa764aafb5e6d) that can pick the right key, based on key comments. See [our blog post](https://www.webfactory.de/blog/using-multiple-ssh-deploy-keys-with-github) for the full story.
5963

6064
## Exported variables
6165
The action exports the `SSH_AUTH_SOCK` and `SSH_AGENT_PID` environment variables through the Github Actions core module.

0 commit comments

Comments
 (0)