argo-cd: Argo CD doesn't support a private key with passphrase

Describe the bug

I tried to add my private git repository to Argo CD with an SSH private key credential.

However, the Argo CD CLI returned an error like this.

$ argocd repo add git@github.com:<my private repository> --ssh-private-key-path ~/.ssh/id_rsa
FATA[0000] ssh: cannot decode encrypted private keys

It seems that this "ssh: cannot decode encrypted private keys" error came from the golang.org/x/crypto/ssh package.

The golang/x/crypto/ssh package has a function for dealing with a private key with a passphrase like this, but it seems that the Argo CD code doesn't use it.

To Reproduce

  1. Prepare an SSH private key with a passphrase.
  2. Try to add a git repository with the private key like this.
argocd repo add git@github.com:<my private repository> --ssh-private-key-path <path/to/the private key>
  3. Then you will see an error like this.
FATA[0000] ssh: cannot decode encrypted private keys

Expected behavior

Argo CD CLI adds the git repository with no errors.

Version

argocd: v1.0.2+e0bd546.dirty
  BuildDate: 2019-06-14T17:15:36Z
  GitCommit: e0bd546a07818ec06a27c2b3033454e3eb1c4152
  GitTreeState: dirty
  GoVersion: go1.11.4
  Compiler: gc
  Platform: darwin/amd64
argocd-server: v1.0.2+e0bd546.dirty
  BuildDate: 2019-06-14T17:15:03Z
  GitCommit: e0bd546a07818ec06a27c2b3033454e3eb1c4152
  GitTreeState: dirty
  GoVersion: go1.11.4
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: 0.13.1

Have you thought about contributing a fix yourself?

I tried to fix this issue, but the code base of Argo CD is complicated for me.

About this issue

  • State: open
  • Created 5 years ago
  • Reactions: 8
  • Comments: 16 (1 by maintainers)

Most upvoted comments

any solution? ping the issue.

This is still a good addition that should be made to ArgoCD

I stumbled on that issue today. Any news on it?

@FredM

This problem depends on the x/crypto/ssh package. The latest x/crypto/ssh already supports private keys with a passphrase in OpenSSH format.

The master branch already depends on the corrected x/crypto/ssh version, so it should work correctly in master.

// go.mod in master branch

// ...
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975
// ...

But the latest version, ArgoCD v1.6.1, does not follow the fixed version.

// go.mod in release 1.6.1

// ...
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586
// ...

Maybe it will work correctly in the next release.

Working on it