Deploy (Docker Image -> Remote Server w/ Non-Root User)

dweibel · September 21, 2018, 11:11pm

I’m wondering if people have a good strategy around this topic.

Background:
I finally got the deploy job in my pipeline solid. BUT I feel like I cheated and I feel dirty. I make my remote server so I could log in directly as root! I’m sure the security guys at work would start beating me…luckily this is just my personal project.

Question:
Are there any correct strategies to have a runner deploy to a remote server a Docker image and start it without logging into that server directly as root? I guess I could add yet another CI Variable (Hidden) and pass that via sudo but that just feels like I’m pushing the problem around.

Am I doing this right using root? Or is there a better solution?

BTW…I am at least using PermitRootLogin without-password.

dweibel · September 22, 2018, 1:16am

I don’t know if this is much better. I closed up the root ssh access via keys. Then switch to using a specific user account. Then enabled no password for sudo on that account.

Any better ideas?

Topic		Replies	Views
Serious security issue for deployments! GitlabCI - gitlab-ci.yml GitLab CI/CD ci	5	1667	February 6, 2022
Help With Understanding Deployment Job (DIND) GitLab CI/CD	2	1711	October 17, 2017
How to secure production deployment credentials with GitLab CI? GitLab CI/CD	2	5156	October 22, 2016
how to clone without root on gitlab-runner docker GitLab CI/CD	0	787	January 4, 2022
Gitlab CI/CD How to Use GitLab	1	625	November 11, 2018

Deploy (Docker Image -> Remote Server w/ Non-Root User)

Related topics