Using Rundeck Key Storage in Shell Script


Tony Wu

May 3, 2018, 12:02:24 AM
to rundeck-discuss
Hi,

I have a private key in the path key/user/my_user. I've configured the job with a secret option (CUSTOM_KEY) and the key storage path. The job runs a local command which is a shell script. How can I use the key in the shell script? I do not see an option called RO_CUSTOM_KEY.

If anyone can shed some light in terms of using the key storage from a shell script that would be very much appreciated.

Thanks.

edu...@rundeck.com

May 9, 2018, 9:24:46 AM
to rundeck-discuss
Hi Tony,

Unfortunately, the “Secure” job option can only use a “password” input type as storage path. As a workaround, you could create a script plugin. This is an example of a script plugin that works as a workflow node step and that will let you select a key and password file from your key storage; then the bash script in the plugin will echo the contents of the keys to the output:

plugin.yaml

name: keys-in-storage
rundeckPluginVersion: 1.2
author: Eduardo 
date: 05/07/2018
version: 0.1
providers:
  - name: select-key-storage
    service: WorkflowNodeStep
    title: 'select key storage'
    description: select key and password to be used in script
    plugin-type: script
    script-interpreter: /bin/bash
    script-file: key-select.sh
    config:
      - name: key_storage_path
        title: key Storage Path
        type: String
        required: false
        description: "Key Storage path."
        scope: Instance
        renderingOptions:
          selectionAccessor: "STORAGE_PATH"
          valueConversion: "STORAGE_PATH_AUTOMATIC_READ"
          storage-path-root: "keys"
          instance-scope-node-attribute: "key-storage-path"
          storage-file-meta-filter: "Rundeck-key-type=private"
      - name: password_storage_path
        title: Password Storage Path
        type: String
        required: false
        description: "Password storage path. "
        scope: Instance
        renderingOptions:
          selectionAccessor: "STORAGE_PATH"
          valueConversion: "STORAGE_PATH_AUTOMATIC_READ"
          storage-path-root: "keys"
          instance-scope-node-attribute: "password-storage-path"
          storage-file-meta-filter: "Rundeck-data-type=password"

contents/key-select.sh

#!/bin/bash
echo "$RD_CONFIG_KEY_STORAGE_PATH"
echo "$RD_CONFIG_PASSWORD_STORAGE_PATH"

If you wish to test it, you will need to put the correct files in the folder structure, as described in the documentation, then move the zip file to your $RDECK_BASE/libext directory. Further plugin examples can be found here and here, if you would like to build your own custom plugin.

Hope it helps
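
A variant of key-select.sh, as an added example that is not part of the original post: it assumes, as the post describes, that RD_CONFIG_KEY_STORAGE_PATH carries the key contents at run time, and it passes them to a tool through a private temp file rather than echoing them into the job output. The function names and the KEY_FILE variable are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes, as the post describes,
# that RD_CONFIG_KEY_STORAGE_PATH holds the key contents at run time.
set -u

KEY_FILE=""   # hypothetical variable: path of the temp key file, if any

# Write the key to a temp file only the current user can read.
# Nothing is echoed, so the key does not land in the job's output log.
write_key_file() {
    local key="${RD_CONFIG_KEY_STORAGE_PATH:-}"
    if [ -z "$key" ]; then
        echo "key_storage_path is not set or the key could not be read" >&2
        return 1
    fi
    local old_umask
    old_umask=$(umask)
    umask 077
    KEY_FILE=$(mktemp "${TMPDIR:-/tmp}/rd-key.XXXXXX")
    local rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    printf '%s\n' "$key" > "$KEY_FILE"
}

# Remove the temp key file; safe to call more than once.
cleanup_key_file() {
    if [ -n "$KEY_FILE" ]; then
        rm -f -- "$KEY_FILE"
    fi
    KEY_FILE=""
}
trap cleanup_key_file EXIT

# Run a command with KEY_FILE exported, then delete the file.
# Usage: with_key_file sh -c 'ssh-keygen -l -f "$KEY_FILE"'
with_key_file() {
    write_key_file || return 1
    export KEY_FILE
    local rc=0
    "$@" || rc=$?
    cleanup_key_file
    return "$rc"
}
```
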
