Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://wizard.casa/objects/0194eb18-69b4-a48e-9cb0-cdab385e01ad">Δж3 (ax3@wizard.casa)'s status on Sunday, 09-Feb-2025 23:27:29 JST</a><a href="https://wizard.casa/users/ax3" title="ax3@wizard.casa"><img src="https://gnusocial.jp/avatar/285729-48-20241005204112.webp" width="48" height="48" alt="Δж3" style="position: absolute; left: 0; top: 0;">Δж3</a><div><a href="https://queer.hacktivis.me/objects/fb66b1b0-3fc9-41dd-961c-744380023fe5" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/1514" title="icedquinn@blob.cat">iced depresso</a></li><li><a href="https://gnusocial.jp/user/4554" title="captainepoch@stereophonic.space">Adolph</a></li></ul></div></section><article><p><a href="https://queer.hacktivis.me/users/lanodan">@lanodan</a> <a href="https://stereophonic.space/users/captainepoch">@captainepoch</a> <a href="https://blob.cat/users/icedquinn">@icedquinn</a> if you're ci runner or action's ssh implementation supports it using a secret stored as the envvar SSH_PASSPHRASE should work.  notably this works in gitlab. from a posture standpoint it makes more sense to have a dedicated ed25519 key just for ci/cd jobs with no passphrase. you're creating more complexity than security with the proposed setup.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4536111#notice-8881305">In conversation</a><time datetime="2025-02-09T23:27:29+09:00" title="Sunday, 09-Feb-2025 23:27:29 JST">about 23 days ago</time> <span>from <span><a href="https://wizard.casa/objects/0194eb18-69b4-a48e-9cb0-cdab385e01ad" rel="external" title="Sent from wizard.casa via ActivityPub">wizard.casa</a></span></span><a href="https://wizard.casa/objects/0194eb18-69b4-a48e-9cb0-cdab385e01ad">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Δж3 (ax3@wizard.casa)'s status on Sunday, 09-Feb-2025 23:27:29 JSTΔж3
in reply to
@lanodan @captainepoch @icedquinn if you're ci runner or action's ssh implementation supports it using a secret stored as the envvar SSH_PASSPHRASE should work. notably this works in gitlab. from a posture standpoint it makes more sense to have a dedicated ed25519 key just for ci/cd jobs with no passphrase. you're creating more complexity than security with the proposed setup.
In conversationabout 23 days ago from wizard.casapermalink

Public

Embed Notice

HTML Code

Corresponding Notice