Recommended auth mechanism for fetching gruntwork modules on CI



What is the recommended way to authenticate with Github when fetching gruntwork modules such as: ssh:// from CircleCI?

From the terraform doco it looks like I need to set GIT_SSH_COMMAND or hardcode the username and password in the connection string.

infrastructure-modules-acme isn’t using the latter so I guess that’s not recommended.
Is there any documentation on doing the former (such as adding an SSH key to CircleCI and then setting GIT_SSH_COMMAND to something like: ssh -i ${HOME}/.ssh/id_rsa -F /dev/null ?

or is there some terragrunt magic to help here, e.g. I found a reference to:

ssh -T -oStrictHostKeyChecking=no || true

in the infrastructure-modules-acme but including this on CI does not seem to help.


I’ve forked sample-app-frontend-acme, infrastructure-live-acme and infrastructure-modules-acme, but I’d like to pull the actual gruntwork terraform modules from, well, gruntwork. On CircleCI, I’m using a machine user with a Github PAT to fetch my forked repos.


Use SSH keys! These are natively supported by Git (and by extension, Terraform, since it uses Git under the hood). Configure an SSH key for a machine user and add it to your CircleCI build.


See this thread for instructions: CircleCI unable to checkout infrastructure settings repo (sample-app-frontend-acme)


@jim Just looked through the members of gruntwork org and there are a few machine users in there.

So the machine user on CircleCI that already has a user key configured just needs adding to the gruntwork org to get read access to the module repos? If so, how should I go about requesting the user be added to the gruntwork org?


If you want a human or machine user to have access to the gruntwork-io GitHub repos, just email their GitHub ID to Thx!