Any SSH keys that you configure for CircleCI, be it a Deploy Key, a User Key, or one or more Additional Keys, will not be automatically added to an executor that you run in a workflow.
There are only two ways to have an SSH key be added to an executor:
* Use the checkout command.
* Use the add_ssh_keys command.
## The checkout command:
Using the checkout command will cause either the Deploy or User key to be added depending on which one you have set as the preferred key.
## The add_ssh_keys command:
Using the add_ssh_keys command will allow you to add one or more of the Additional Keys configured in your project to the executor that it is invoked upon. You cannot use this to add the Deploy Key or the User Key.
## The problem
This creates an interesting challenge in some situations:
Given we have a project (Project A), that in its workflow also checks out another project (Project B), we will use an SSH key that allows access to both projects, and add it as the User Key to Project A's CircleCI config.
Project A's workflow builds Project B. But the job that builds Project B does not (and should not) run the checkout command. This is because Project A has already been built by an earlier job in the workflow, so using that command would check out a fresh copy of Project A and lose the built environment. So using the checkout command is off the table for grabbing the User Key that we need to use to build Project B.
To work around this, I had to add a duplicate of the User Key as an Additional Key, just so I could add it to the executor via the add_ssh_keys command.
## Proposed solution
Allow me to reference the fingerprints of both Deploy Keys AND User Keys in addition to Additional Keys when adding keys to a job via the add_ssh_keys command.
Created by Logan Godsey
May 10, 2022