Roots Discourse

SSH keys with Trellis/Bitbucket/Kinsta

Could someone help explain the SSH key setup with deploying Trellis to Bitbucket?

I have a public ssh key on my local machine located in ~/.ssh/id_rsa_personal.pub. This key has been added to Kinsta and I can deploy straight from Trellis to Kinsta using ansible just fine. The problem now is that I’m setting up CI with BitBucket pipelines and I’m getting this error while it’s deploying

I think I’m overthinking it at this point, but I’m confused about what SSH keys I need and where to put them. I have created a deployment SSH key on my Bitbucket account and added that to Kinsta as well, but I’m still getting this error.

Trellis needs an SSH key in order to connect to BitBucket and download the repo. When you run Trellis locally, it uses your local SSH keys. When it’s run on BitBucket’s CI product, it has no access to your local SSH keys, so it would need to authenticate in a different way.

Do you have any suggestions on how to move forward with that authentication? I realize that’s why it’s not able to deploy from Bitbucket, but do I somehow need to get my local private keys into Bitbucket so it can authenticate?

I’m not familiar w/ Bitbucket’s CI system, but I would imagine they have a way to integrate their repos w/ that system. Some systems like that will have the option to use some kind of “deployment key” that you can add to your repo but is used only by the CI system. You would not want to put your private keys on the CI system–those should generally never leave your local machine. I’d recommend looking through support documents for Bitbucket’s CI system for information on SSH authentication, or contacting their support.

Okay thanks, I’ll take a look through their docs. And whoops! I meant to say local public key, not private key.

Your public keys wouldn’t help: The CI server wouldn’t have the private keys to match them.

I was able to solve this. My hosting service is Kinsta, so this may be different for other people, but I had to SSH into my Kinsta environment and find its public SSH key (cat ~/.ssh/id_rsa.pub). I copied this and put it in my Bitbucket user account (personal settings > security > SSH keys). I’m currently running into some other issues in my build-before.yml file, but there are no more SSH issues.
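
The thread turns on which machine holds the private half of the key registered with the Git host. The following is an added example, not code from any poster or from Trellis: a shell check that a given public key file really belongs to the private key on the machine that will run the clone. The file paths are whatever you pass in; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Run it on the machine that performs the git clone
# (in the thread's solution, the Kinsta environment).

# Print "type base64-blob" of a public key file, ignoring the comment field.
pub_material() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

# Derive the public key from a private key without prompting. An encrypted
# key fails here, just as it would in a non-interactive deploy.
derived_material() {
    ssh-keygen -y -P '' -f "$1" 2>/dev/null | awk '{ print $1, $2; exit }'
}

# 0 = the pair matches, 1 = different keys, 2 = a file is unreadable/unusable.
key_pair_matches() {
    priv=$1
    pub=$2
    [ -r "$priv" ] && [ -r "$pub" ] || return 2
    want=$(pub_material "$pub")
    have=$(derived_material "$priv")
    [ -n "$want" ] && [ -n "$have" ] || return 2
    [ "$want" = "$have" ]
}

# SHA256 fingerprint, for comparison with the one the Git host lists
# for the registered key.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{ print $2 }'
}

# Usage: sh check-key.sh <private-key> <public-key>
if [ "$#" -eq 2 ]; then
    rc=0
    key_pair_matches "$1" "$2" || rc=$?
    case $rc in
        0) echo "match: $(key_fingerprint "$2")" ;;
        1) echo "mismatch: $1 cannot authenticate as $2" >&2; exit 1 ;;
        *) echo "cannot read or load one of the key files" >&2; exit 2 ;;
    esac
fi
```

A mismatch means the key added to the Git host belongs to some other machine, which is the situation described earlier in the thread. Running `ssh -T git@bitbucket.org` from the same machine then confirms the authentication end to end.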