chore: remove password for private key (#11)

* Revert "🐛 fix: use correct private key path for rsync command in copyFiles function (#10)"

This reverts commit 091d7b4b4c.

* Revert "🔨 chore: refactor rsync command to securely handle private key passph… (#9)"

This reverts commit b08861e768.

* Revert "🔨 chore: add support for private key password in connection configuration (#8)"

This reverts commit 9d69d1a1f6.

* chore: add document
Zitao Xiong
2024-02-22 20:01:17 +08:00
committed by GitHub
parent 091d7b4b4c
commit 2e183108e5
2 changed files with 3 additions and 16 deletions


@@ -47,8 +47,8 @@ Create `.envrc.override` file in the project directory and add the following:
export DIGITAL_OCEAN_SSH_KEY_NAME=""
export DIGITAL_OCEAN_SSH_KEY_ID=""
# the path to the SSH private key that maps to the above SSH key name/ID, such as `~/.ssh/id_rsa`
# For automated deployment, do not set password for the private key.
export PRIVATE_KEY_PATH=""
export PRIVATE_KEY_PASSWORD=""
# visit `https://cloud.digitalocean.com/account/api/tokens` to get API key
export DIGITAL_OCEAN_API_KEY=""
@@ -110,8 +110,8 @@ ServerAliveCountMax 4
# Resources
- [OPI Documentation](https://github.com/bestinslot-xyz/OPI)
- [Pulumi DigitalOcean Provider](https://www.pulumi.com/docs/reference/pkg/digitalocean/)
- [OPI Documentation](https://github.com/bestinslot-xyz/OPI)
- [asdf](https://asdf-vm.com/)
- [direnv](https://direnv.net/)
- [Pulumi](https://www.pulumi.com/)


@@ -152,10 +152,6 @@ export function create(params: { name: string; region: string; size: string }) {
privateKey,
dialErrorLimit: 50,
}
const privateKeyPassword = process.env['PRIVATE_KEY_PASSWORD']
if (privateKeyPassword != null && privateKeyPassword.length > 0) {
connection.privateKeyPassword = privateKeyPassword
}
const provision = provisionInstance({ name, connection })
@@ -164,17 +160,8 @@ export function create(params: { name: string; region: string; size: string }) {
throw new Error(`not found: ${loc}`)
}
const hash = generateDirectoryHash(loc).slice(0, 5)
const privateKeyPassword = process.env['PRIVATE_KEY_PASSWORD']
const privateKeyPath = process.env['PRIVATE_KEY_PATH']
// Use an expect script to interact with ssh-add securely, if privateKeyPassword is set.
let addKeyCommand = privateKeyPassword != null && privateKeyPassword?.length > 0
? `expect -c 'spawn ssh-add ${privateKeyPath}; expect "Enter passphrase for"; send "${privateKeyPassword}\\r"; interact'`
: `ssh-add ${privateKeyPath}`
const rsyncCommand = `eval $(ssh-agent -s) && ${addKeyCommand} && RSYNC_RSH="ssh -i ${privateKeyPath}" rsync -avP ${loc} ${connection.user}@${droplet.ipv4Address}:${remotePath} && kill $SSH_AGENT_PID`
return new local.Command(`${name}:copyFiles ${unroot(loc)}`, {
create: pulumi.interpolate`${rsyncCommand}`,
create: pulumi.interpolate`rsync -avP ${loc} ${connection.user}@${droplet.ipv4Address}:${remotePath}`,
triggers: [hash, loc, remotePath],
})
}
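Review bot: The new `create` command in the last hunk interpolates `loc` and `remotePath` into a shell string unquoted, so a path containing spaces or shell metacharacters is word-split or interpreted by the local shell. Where these values come from is not visible in the hunk, so they should be treated as untrusted unless the callers pin them. Quote them, for example ``create: pulumi.interpolate`rsync -avP -- '${loc}' '${connection.user}@${droplet.ipv4Address}:${remotePath}'`,``, and reject values that contain a single quote before building the command. With the ssh-agent wrapper removed, rsync also appears to rely on whatever identity the ambient SSH configuration or agent offers rather than on `PRIVATE_KEY_PATH`; a comment such as `// rsync uses the default SSH identity or a running agent; PRIVATE_KEY_PATH must be one of them` would make that dependency explicit. The enclosing function starts and ends outside the hunk.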