Setting GitLab or GitHub SSH Keys via ABX action in Cloud Assembly Deployment

In this article, we will look at how to use an Action-Based Extensibility (ABX) action to fetch GitLab or GitHub SSH keys and use them in a VMware Cloud Assembly blueprint deployment.


When building Cloud Assembly blueprints, there are multiple ways to specify what type of remote access is possible to the machine after it has been provisioned. You set these via the remoteAccess property in your blueprint YAML code.

One of the popular ways is to use publicPrivateKey as a remoteAccess authentication method and supply the SSH Key in the YAML.

    type: Cloud.Machine
    properties:
      remoteAccess:
        authentication: publicPrivateKey
        sshKey: SSH KEY GOES HERE

Let's see how we can dynamically supply this key during provisioning time.

Issue & Solution

The problem with the above approach is that you have to preconfigure the SSH key value in every YAML blueprint you manage. What if we want to pull the SSH key value from a Git hosting service like GitLab or GitHub, or from any other URL for that matter?

We cannot dynamically specify the value in the YAML, but we can build an Action-Based Extensibility (ABX) action to fetch the value and inject it into the YAML during provisioning.

Action-Based Extensibility uses streamlined scripts of code within Cloud Assembly to automate extensibility actions.

Action-Based Extensibility provides a lightweight and flexible run-time engine interface where you can define small scriptable actions and configure them to initiate on particular events provided by the Event Broker Service (EBS).

You can create these extensibility action scripts within Cloud Assembly and assign them to subscriptions. Similarly to workflows, the extensibility action script triggers when an event specified by a subscription occurs. Extensibility action scripts are used for more lightweight and simple automation of tasks and steps. They are also hosted in the cloud, as opposed to workflows, which are hosted on-prem using a vRealize Orchestrator client and server.

Let's see how we can do this.

First, let's specify the remote access method in our blueprint YAML and give a null value for the SSH key:

    type: Cloud.Machine
    properties:
      remoteAccess:
        authentication: publicPrivateKey
        sshKey: null

Navigate to the Extensibility tab in Cloud Assembly.

Navigate to Actions and click New Action.

Provide the following values:

  • Name: Give it a name
  • Project: Attach it to your project that contains your blueprint yaml.
  • Template: custom script
  • Runtime: python 3

Copy and paste the following script into the script field:

    import requests

    def handler(context, inputs):
        # Modify the URL to point to your GitLab, GitHub or any other URL that holds the SSH key
        response = requests.get('', timeout=10)
        # Fail the action if the URL did not return the key (for example a 404 or 500 page)
        response.raise_for_status()
        # Set encoding to UTF-8
        response.encoding = 'utf-8'
        # Remove new line breaks from the text
        ssh_key = response.text.replace("\n", "")
        # Read the sshKey value from the properties section of the blueprint payload
        old_key = inputs["customProperties"]["sshKey"]
        new_key = ssh_key
        # Create outputs and assign the new key value
        outputs = {}
        outputs["customProperties"] = inputs["customProperties"]
        outputs["customProperties"]["sshKey"] = new_key
        print("Setting machine sshKey value from {0} to {1}".format(old_key, new_key))
        return outputs

Replace the empty URL in requests.get with the URL holding your SSH key.

On the right side, provide the following values:

  • Main function: handler
  • Inputs: customProperties : ["sshKey"]
  • Dependency: requests

Save the action.

Go to the Subscriptions tab and create a new Subscription.

Provide the following values:

  • Name: give it a name
  • Event Topic: compute.allocation.pre
  • Runnable Item: the action you created
  • Blocking: Enable

Save the subscription.

Trigger a deployment of the blueprint.

Monitor the action run and wait until it has completed.

Now you should be able to log in via SSH to the machine you’ve just deployed.
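The action script above injects whatever the URL returns into the machine's sshKey, so anyone who can change that content gains SSH access to every deployment that uses the action. The following added example (not part of the original article) validates the fetched text as exactly one OpenSSH public key and optionally compares it with a pinned fingerprint before building the outputs. The function names, the allowed key types and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed policy

def validate_public_key(text):
    """Return (key_line, fingerprint) for a single OpenSSH public key, else raise ValueError."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    if len(lines) != 1:
        raise ValueError("expected exactly one key line, got %d" % len(lines))
    fields = lines[0].split()
    # The first field must be the key type: this rejects HTML error pages and
    # authorized_keys option prefixes such as command="...".
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("missing or unsupported key type")
    blob = base64.b64decode(fields[1], validate=True)  # raises ValueError if not base64
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match encoded blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    # Keep only type and key body; the trailing comment field is dropped.
    return fields[0] + " " + fields[1], fingerprint

def apply_key(inputs, fetched_text, pinned_fingerprint=None):
    """Build the ABX outputs only if the fetched text validates (fail closed)."""
    key_line, fingerprint = validate_public_key(fetched_text)
    if pinned_fingerprint is not None and fingerprint != pinned_fingerprint:
        raise ValueError("fingerprint %s does not match the pinned value" % fingerprint)
    outputs = {"customProperties": dict(inputs["customProperties"])}
    outputs["customProperties"]["sshKey"] = key_line
    print("Setting machine sshKey to key with fingerprint " + fingerprint)
    return outputs

def sample_key():
    """Constructed sample: an all-zero ed25519 blob, not a real credential."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " deploy@example\n"

if __name__ == "__main__":
    print(apply_key({"customProperties": {"sshKey": None}}, sample_key()))
```

In the action, `apply_key(inputs, response.text)` would replace the lines that build `outputs`. Because the subscription is blocking, an exception raised here fails the action instead of passing an unvalidated value on.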

Spas Kaloferov
Spas Kaloferov has been a technology professional since 2004 and holds over 30 industry certifications. His experience is focused around the Microsoft and VMware portfolios. He studied in Germany and now lives in Sofia, Bulgaria. Spas joined the VMware family in 2014. He is currently part of a team delivering high-level training across the VMware Software-Defined Data Center (SDDC) product stack. He has been an active VMware contributor via his personal blog. Publications include technical resource for “VMware vRealize Orchestrator Cookbook – Second Edition” and author of the “Mastering vRealize Operations Manager – Second Edition” (Packt Publishing 2018) book.
