This gh extension allows you to request a SSH certificate to access a GitHub repo leveraging the SSH certificate authority feature.
This extension requires the deployment of the SSH Cert App companion GitHub App.
-
Install the gh cli - see the installation/upgrade instructions
-
Install this extension:
gh extension install helaili/ssh-cert-appIn order to retrieve a certificate, the SSH Cert App must be installed on at least one repository of an organisation. Users requesting a certificate must be authenticated and have write access to this repository.
gh ssh-cert getWhen no flags are supplied, we look for parameters in ./.gh-ssh-cert.yaml and then $HOME/.gh-ssh-cert.yaml.
Sample .gh-ssh-cert.yaml file:
org: my-org
repo: a-repo
pubKey: '~/.ssh/id_rsa.pub'
url: https://somewhere.com/ssh-cert-appor
gh ssh-cert get <flags>where flags are:
--org or -o - The GitHub Organization where the SSH Cert App is installed.
--repo or -r - The repository where the SSH Cert App is installed.
--pubKey or -k - The Public key file to request a certificate for, e.g. ~/.ssh/id_rsa.pub. This key needs to exist on your GitHub profile.
--url or -u - The root URL of your instance of the SSH Cert App
--config or -c - The YAML config file which will provide the above parameters, in case this file is not ./.gh-ssh-cert.yaml or $HOME/.gh-ssh-cert.yaml
Note that the org and repo parameters can be omitted when the command is run from a clone of the GitHub repo, my-org/a-repo in our exemple.
- run
git clone https://github.com/helaili/gh-ssh-cert - run
cd gh-ssh-cert; gh extension install .; gh ssh-cert <flags> - use
go build && gh ssh-cert <flags>to see changes in your code as you develop