One of the hard problems to solve when using Docker in production is deploying secrets. In particular, public keys are hard to deploy because they are multiline and there is usually one key per authorized user.
Since all our users have accounts on GitHub with their SSH key, it made sense to us to use GitHub as a centralized PKI for SSH keys. Starting with a simple Ruby script connecting to the GitHub API, we soon realized we would need a generic way of deploying public keys from GitHub if we persisted in this approach.
This gave birth to github_pki, a generic command-line tool that uses the GitHub API to deploy SSH and X.509 keys for GitHub organizations, teams, and individual users.
It can be installed from source:
Or by building your image on top of one of the official Docker images.
The github_pki command can then simply be called from within an entrypoint script to deploy keys:
Various environment variables can be used to tune which keys should be deployed:
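To make the approach above concrete, here is an added example (not github_pki's own code, and not from the original post) of what an entrypoint-time key deployment has to do: fetch each user's public keys from GitHub, treat the result as untrusted input, keep only well-formed keys of allowed types, and write `authorized_keys` atomically with permissions sshd will accept. It assumes the real GitHub REST endpoint `GET /users/{username}/keys` (a JSON list of objects with a `key` field); the function names, the `EXAMPLE_GITHUB_USERS` variable and the sample responses are constructed for this example and are not github_pki's environment variables or API.

```python
"""Added example: deploy GitHub users' SSH public keys into authorized_keys.

Assumed (not from github_pki): GET https://api.github.com/users/{user}/keys
returning [{"id": ..., "key": "<type> <base64>"}, ...]; all helper names here
are made up for the example. The fetcher is injectable so the logic runs
offline against constructed responses.
"""
import base64
import json
import os
import struct
import tempfile
import urllib.request
from typing import Callable, Iterable, List

GITHUB_API = "https://api.github.com"
# Key types we are willing to install; anything else is dropped.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def github_fetch(url: str) -> bytes:
    """Default fetcher: plain HTTPS GET against the GitHub API."""
    req = urllib.request.Request(url, headers={"Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def is_valid_pubkey(line: str) -> bool:
    """Accept only a single-line '<type> <base64>' key whose wire-format blob
    names the same key type. Remote data must not be able to smuggle extra
    lines or authorized_keys options into the file."""
    if "\n" in line or "\r" in line:
        return False
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(blob) < 4:
        return False
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii", "replace") == parts[0]


def keys_for_user(username: str, fetch: Callable[[str], bytes] = github_fetch) -> List[str]:
    """Return the validated keys of one user, each tagged with its origin."""
    data = json.loads(fetch(f"{GITHUB_API}/users/{username}/keys"))
    keys = []
    for entry in data:
        key = str(entry.get("key", "")).strip()
        if is_valid_pubkey(key):
            keys.append(f"{key} github:{username}")
    return keys


def render_authorized_keys(users: Iterable[str], fetch: Callable[[str], bytes] = github_fetch) -> str:
    lines: List[str] = []
    for user in users:
        lines.extend(keys_for_user(user, fetch))
    return "\n".join(lines) + ("\n" if lines else "")


def write_authorized_keys(path: str, content: str) -> None:
    """Write atomically with mode 0600 so sshd's StrictModes accepts the file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(content)
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)


def make_test_key(key_type: str, raw: bytes) -> str:
    """Build a syntactically valid key line from constructed bytes (test data
    only; this is not a usable key pair)."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + struct.pack(">I", len(raw)) + raw
    return f"{key_type} {base64.b64encode(blob).decode()}"


# Constructed API responses: one good key, one disallowed type, one malformed.
SAMPLE_RESPONSES = {
    f"{GITHUB_API}/users/alice/keys": json.dumps([
        {"id": 1, "key": make_test_key("ssh-ed25519", b"\x01" * 32)},
        {"id": 2, "key": "ssh-dss AAAAB3NzaC1kc3MAAAC"},
        {"id": 3, "key": "ssh-ed25519 not-base64!!\ncommand=\"x\""},
    ]).encode(),
    f"{GITHUB_API}/users/bob/keys": b"[]",
}


def fake_fetch(url: str) -> bytes:
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    # EXAMPLE_GITHUB_USERS is a placeholder name for this example only.
    users = [u for u in os.environ.get("EXAMPLE_GITHUB_USERS", "").split(",") if u]
    write_authorized_keys(os.path.expanduser("~/.ssh/authorized_keys"),
                          render_authorized_keys(users))
```

Run with `EXAMPLE_GITHUB_USERS=alice,bob` from an entrypoint script to use the live API; the `fake_fetch` responses show why validation matters: of the three entries returned for `alice`, only the well-formed ed25519 key reaches the file.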