I manage a Jenkins CI server running on Ubuntu 14.04 with a few requirements:
- Jobs make use of public/private key authentication for security, so an identity must have been added to ssh-agent prior to executing them
- Our private key files must be passphrase protected
- We cannot store that passphrase in an insecure location (like a script's source code or Jenkins configuration files)

Ideally, I want to ssh-add and enter the passphrase on the order of once per reboot. But I can't figure out how to get Jenkins CI to run its jobs in a way that takes advantage of this authentication.

Is it possible to get Jenkins to take advantage of identities added to an ssh-agent in advance?

Is there an alternative strategy I'm not seeing here?