Deploy (Docker Image -> Remote Server w/ Non-Root User)

I’m wondering if people have a good strategy around this topic.

I finally got the deploy job in my pipeline solid. BUT I feel like I cheated and I feel dirty. I make my remote server so I could log in directly as root! :frowning: I’m sure the security guys at work would start beating me…luckily this is just my personal project.

Are there any correct strategies to have a runner deploy to a remote server a Docker image and start it without logging into that server directly as root? I guess I could add yet another CI Variable (Hidden) and pass that via sudo but that just feels like I’m pushing the problem around.

Am I doing this right using root? Or is there a better solution?

BTW…I am at least using PermitRootLogin without-password.

I don’t know if this is much better. I closed up the root ssh access via keys. Then switch to using a specific user account. Then enabled no password for sudo on that account.

Any better ideas?