Sync organisation SSH public keys to server authorized_keys
file so they are able to SSH into OS - for Capistrano v3.
Note: The authorized keys file is generated locally before being uploaded to the server(s).
Add this line to your application's Gemfile:
gem 'capistrano-ssh-authorized-keys-github', require: false
And then execute:
$ bundle
Or install it yourself as:
$ gem install capistrano-ssh-authorized-keys-github
Require the gem in your Capfile
:
require 'capistrano/ssh-authorized-keys-github'
And then set the variables in config/deploy.rb
:
set :github_org, 'olioex'
# ...or... (takes priority)
set :github_orgs, ['olioex', 'github']
# Optional for Github rate limits (oauth application)
set :github_app_id, '12345'
set :github_app_secret, 'abcdef'
The task will run automatically on successful deploy. Alternatively, you can notify of a deploy starting manually by using:
bundle exec cap production security:sync_ssh_keys
Users in your organisation will need to have their membership public in order for SSH public keys to be sync'd to the server.
Github rate limits aren't currently respected. They are limited to 60 per hour. if you have a large number of users and are doing regular syncing from an IP address then you will be rate limited.
Copyright (c) 2022 OLIO Exchange Ltd. See LICENSE.txt for further details.