Setting Gitlab or Github SSH Keys via ABX action in Cloud Assembly Deployment

In this article, we will look how to Action-Based Extendibility (ABX) action to fetch Gitlab or Github SSH Keys and use them in a VMware Cloud Assembly Blueprint Deployment.


When building Cloud Assembly blueprints there are multiple methods that you can specify what type of remote access would be possible to the machine after it has bene provisioned. You can set these via the remoteAccess property in your blueprint YAML code.

One of the popular ways is to use publicPrivateKey as a remoteAccess authentication method and supply the SSH Key in the YAML.

Lets see how we can dynamically supply this key during poisoning time.

Issue & Solution

Problem with the above approach is that you have to preconfigure the ssh key value in every yaml blueprint you manage. What if we want to pull the ssh key value from a git repository like Gitlab or Github or any other URL for that matter.

We cannot dynamically specify the value in the YAML but we can build an Action-Based Extensibility (ABX) action to fetch the value and inject it the YAML during provisioning.

Action-Based Extensibility uses streamlined scripts of code within Cloud Assembly to automate extensibility actions.

Action-Based Extensibility provides a lightweight and flexible run-time engine interface where you can define small scriptable actions and configure them to initiate on particular events provided by the Event Broker Service (EBS).

You can create these extensibility action scripts of code within Cloud Assembly and assign them to subscriptions. Similarly to workflows, the extensibility action script triggers when a event specified by a subscription occurs. Extensibility action scripts are used for more lightweight and simple automation of tasks and steps. They are also hosted on the cloud as opposed workflows which are hosted on-prem using a vRealize Orchestrator client and server.

Lets see how we can do this.

First lest specify the remote access method in our blueprint yaml and give a null value for the ssh key:

Navigate to the Extensibility tab in Cloud Assembly.

Navigate to Actions and click New Action

Provide the following value:

  • Name: Give it a name
  • Project: Attach it to your project that contains your blueprint yaml.
  • Template: custom script
  • Runtime: python 3

Copy and paste the following script in the scrip filed:



Replace the response URL with the URL holing your ssh key.

On the right side provide the fallowing values:

  • Main function: handler
  • Inputs: customProperties : [“sshKey”]
  • Dependency: requests

Save the action.

Go to the Subscriptions tab and create a new Subscription.

Provide the following values:

  • Name: give it a name
  • Event Topic: compute.allocaiton.pre
  • Runnable Item: the action you created
  • Blocking: Enable

Save the subscription.

Trigger a deployment of the blueprint

Monitor the action run and wait until it has completed.

Now you should be able to login via SSH to the machine you’ve just deployed.

Spas Kaloferov

Leave a Reply

%d bloggers like this: