docs: add passphrase

* chore: support passphrase

DOCS.md

@@ -167,6 +167,26 @@ Example configuration for ignore list:
         - release/*
 ```
 
+Example configuration for passphrase which protecting a private key:
+
+```diff
+  - name: scp files
+    image: appleboy/drone-scp
+    settings:
+      host:
+        - example1.com
+        - example2.com
+      user: ubuntu
++     key:
++       from_secret: ssh_key
++     passphrase: 1234
+      port: 22
+      command_timeout: 2m
+      target: /home/deploy/web
+      source:
+        - release/*
+```
+
 ## Parameter Reference
 
 host
@@ -184,6 +204,9 @@ password
 key
 : plain text of user private key
 
+ssh_passphrase
+: The purpose of the passphrase is usually to encrypt the private key.
+
 target
 : folder path of target host
 
@@ -229,6 +252,9 @@ proxy_key
 proxy_key_path
 : key path of proxy private key
 
+proxy_ssh_passphrase
+: The purpose of the passphrase is usually to encrypt the private key.
+
 ## Template Reference
 
 repo.owner

Makefile

@@ -122,7 +122,8 @@ ssh-server:
 	echo drone-scp:1234 | chpasswd
 	mkdir -p /home/drone-scp/.ssh
 	chmod 700 /home/drone-scp/.ssh
-	cp tests/.ssh/id_rsa.pub /home/drone-scp/.ssh/authorized_keys
+	cat tests/.ssh/id_rsa.pub >> /home/drone-scp/.ssh/authorized_keys
+	cat tests/.ssh/test.pub >> /home/drone-scp/.ssh/authorized_keys
 	chown -R drone-scp /home/drone-scp/.ssh
 	# install ssh and start server
 	apk add --update openssh openrc

go.mod

@@ -4,11 +4,11 @@ go 1.13
 
 require (
 	github.com/appleboy/com v0.0.2
-	github.com/appleboy/easyssh-proxy v1.2.0
+	github.com/appleboy/easyssh-proxy v1.3.0
 	github.com/fatih/color v1.7.0
 	github.com/joho/godotenv v1.3.0
 	github.com/mattn/go-colorable v0.1.4 // indirect
 	github.com/mattn/go-isatty v0.0.10 // indirect
 	github.com/stretchr/testify v1.4.0
-	github.com/urfave/cli v1.22.1
+	github.com/urfave/cli/v2 v2.1.1
 )

go.sum

@@ -1,12 +1,16 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0xINSaSYH0Whtvem64/4+Ef0+Y5pE=
+github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
 github.com/appleboy/com v0.0.2 h1:sexcPX7gp7peXMlOJMxEYcRucW7DW0XHgFZqUB6PI6g=
 github.com/appleboy/com v0.0.2/go.mod h1:jnufjIC3opMlReyPPPye+8JqNvUzLm25o7h6SOy8nv0=
-github.com/appleboy/easyssh-proxy v1.2.0 h1:KvaUGC18WkBFet+N1oofQy03jkC5HaKFn2XGxFxCTtg=
+github.com/appleboy/easyssh-proxy v1.3.0 h1:ToH+hZDPWP9/9E58lwxDLJQSHvgGgDAQ9ZVx6x5oofI=
-github.com/appleboy/easyssh-proxy v1.2.0/go.mod h1:vHskChUNhxwW4dXMe2MNE/k+UBCkBagrQDm70UWZrS0=
+github.com/appleboy/easyssh-proxy v1.3.0/go.mod h1:Kk57I3w7OCafOjp5kgZFvxk2fO8Tca5CriBTOsbSbjY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
+github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
@@ -26,15 +30,19 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY=
+github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
-golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 h1:jsG6UpNLt9iAsb0S2AGW28DveNzzgmbXR+ENoPjUeIU=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876 h1:sKJQZMuxjOAR/Uo2LBfU90onWEf1dF4C+0hPJCc9Mpc=
+golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=

main.go

@@ -8,7 +8,7 @@ import (
 	"github.com/appleboy/easyssh-proxy"
 	"github.com/joho/godotenv"
 	_ "github.com/joho/godotenv/autoload"
-	"github.com/urfave/cli"
+	"github.com/urfave/cli/v2"
 )
 
 // Version set at compile-time
@@ -22,7 +22,7 @@ func main() {
 	app.Usage = "Copy files and artifacts via SSH."
 	app.Copyright = "Copyright (c) 2019 Bo-Yi Wu"
 	app.Version = Version
-	app.Authors = []cli.Author{
+	app.Authors = []*cli.Author{
 		{
 			Name:  "Bo-Yi Wu",
 			Email: "appleboy.tw@gmail.com",
@@ -31,183 +31,193 @@ func main() {
 	app.Action = run
 	app.Version = Version
 	app.Flags = []cli.Flag{
-		cli.StringSliceFlag{
+		&cli.StringSliceFlag{
-			Name:   "host, H",
+			Name:    "host, H",
-			Usage:  "Server host",
+			Usage:   "Server host",
-			EnvVar: "PLUGIN_HOST,SCP_HOST,SSH_HOST,HOST,INPUT_HOST",
+			EnvVars: []string{"PLUGIN_HOST", "SCP_HOST", "SSH_HOST", "HOST", "INPUT_HOST"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "port, P",
+			Name:    "port, P",
-			Value:  "22",
+			Value:   "22",
-			Usage:  "Server port, default to 22",
+			Usage:   "Server port, default to 22",
-			EnvVar: "PLUGIN_PORT,SCP_PORT,SSH_PORT,PORT,INPUT_PORT",
+			EnvVars: []string{"PLUGIN_PORT", "SCP_PORT", "SSH_PORT", "PORT", "INPUT_PORT"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "username, u",
+			Name:    "username, u",
-			Usage:  "Server username",
+			Usage:   "Server username",
-			EnvVar: "PLUGIN_USERNAME,PLUGIN_USER,SCP_USERNAME,SSH_USERNAME,USERNAME,INPUT_USERNAME",
+			EnvVars: []string{"PLUGIN_USERNAME", "PLUGIN_USER", "SCP_USERNAME", "SSH_USERNAME", "USERNAME", "INPUT_USERNAME"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "password, p",
+			Name:    "password, p",
-			Usage:  "Password for password-based authentication",
+			Usage:   "Password for password-based authentication",
-			EnvVar: "PLUGIN_PASSWORD,SCP_PASSWORD,SSH_PASSWORD,PASSWORD,INPUT_PASSWORD",
+			EnvVars: []string{"PLUGIN_PASSWORD", "SCP_PASSWORD", "SSH_PASSWORD", "PASSWORD", "INPUT_PASSWORD"},
 		},
-		cli.DurationFlag{
+		&cli.DurationFlag{
-			Name:   "timeout",
+			Name:    "timeout",
-			Usage:  "connection timeout",
+			Usage:   "connection timeout",
-			EnvVar: "PLUGIN_TIMEOUT,SCP_TIMEOUT,INPUT_TIMEOUT",
+			EnvVars: []string{"PLUGIN_TIMEOUT", "SCP_TIMEOUT", "INPUT_TIMEOUT"},
-			Value:  30 * time.Second,
+			Value:   30 * time.Second,
 		},
-		cli.DurationFlag{
+		&cli.DurationFlag{
-			Name:   "command.timeout,T",
+			Name:    "command.timeout",
-			Usage:  "command timeout",
+			Usage:   "command timeout",
-			EnvVar: "PLUGIN_COMMAND_TIMEOUT,SSH_COMMAND_TIMEOUT,INPUT_COMMAND_TIMEOUT",
+			EnvVars: []string{"PLUGIN_COMMAND_TIMEOUT", "SSH_COMMAND_TIMEOUT", "INPUT_COMMAND_TIMEOUT"},
-			Value:  10 * time.Minute,
+			Value:   10 * time.Minute,
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "key, k",
+			Name:    "ssh-key, k",
-			Usage:  "ssh private key",
+			Usage:   "ssh private key",
-			EnvVar: "PLUGIN_KEY,SCP_KEY,SSH_KEY,KEY,INPUT_KEY",
+			EnvVars: []string{"PLUGIN_SSH_KEY,", "PLUGIN_KEY", "SCP_KEY", "SSH_KEY", "KEY", "INPUT_KEY"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "key-path, i",
+			Name:    "ssh-passphrase",
-			Usage:  "ssh private key path",
+			Usage:   "The purpose of the passphrase is usually to encrypt the private key.",
-			EnvVar: "PLUGIN_KEY_PATH,SCP_KEY_PATH,SSH_KEY_PATH,INPUT_KEY_PATH",
+			EnvVars: []string{"PLUGIN_SSH_PASSPHRASE", "PLUGIN_PASSPHRASE", "SSH_PASSPHRASE", "PASSPHRASE", "INPUT_PASSPHRASE"},
 		},
-		cli.StringSliceFlag{
+		&cli.StringFlag{
-			Name:   "target, t",
+			Name:    "key-path, i",
-			Usage:  "Target path on the server",
+			Usage:   "ssh private key path",
-			EnvVar: "PLUGIN_TARGET,SCP_TARGET,TARGET,INPUT_TARGET",
+			EnvVars: []string{"PLUGIN_KEY_PATH", "SCP_KEY_PATH", "SSH_KEY_PATH", "INPUT_KEY_PATH"},
 		},
-		cli.StringSliceFlag{
+		&cli.StringSliceFlag{
-			Name:   "source, s",
+			Name:    "target, t",
-			Usage:  "scp file list",
+			Usage:   "Target path on the server",
-			EnvVar: "PLUGIN_SOURCE,SCP_SOURCE,SOURCE,INPUT_SOURCE",
+			EnvVars: []string{"PLUGIN_TARGET", "SCP_TARGET", "TARGET", "INPUT_TARGET"},
 		},
-		cli.BoolFlag{
+		&cli.StringSliceFlag{
-			Name:   "rm, r",
+			Name:    "source, s",
-			Usage:  "remove target folder before upload data",
+			Usage:   "scp file list",
-			EnvVar: "PLUGIN_RM,SCP_RM,RM,INPUT_RM",
+			EnvVars: []string{"PLUGIN_SOURCE", "SCP_SOURCE", "SOURCE", "INPUT_SOURCE"},
 		},
-		cli.StringFlag{
+		&cli.BoolFlag{
-			Name:   "repo.owner",
+			Name:    "rm, r",
-			Usage:  "repository owner",
+			Usage:   "remove target folder before upload data",
-			EnvVar: "DRONE_REPO_OWNER",
+			EnvVars: []string{"PLUGIN_RM", "SCP_RM", "RM", "INPUT_RM"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "repo.name",
+			Name:    "repo.owner",
-			Usage:  "repository name",
+			Usage:   "repository owner",
-			EnvVar: "DRONE_REPO_NAME",
+			EnvVars: []string{"DRONE_REPO_OWNER"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "commit.sha",
+			Name:    "repo.name",
-			Usage:  "git commit sha",
+			Usage:   "repository name",
-			EnvVar: "DRONE_COMMIT_SHA",
+			EnvVars: []string{"DRONE_REPO_NAME"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "commit.branch",
+			Name:    "commit.sha",
-			Value:  "master",
+			Usage:   "git commit sha",
-			Usage:  "git commit branch",
+			EnvVars: []string{"DRONE_COMMIT_SHA"},
-			EnvVar: "DRONE_COMMIT_BRANCH",
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "commit.author",
+			Name:    "commit.branch",
-			Usage:  "git author name",
+			Value:   "master",
-			EnvVar: "DRONE_COMMIT_AUTHOR",
+			Usage:   "git commit branch",
+			EnvVars: []string{"DRONE_COMMIT_BRANCH"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "commit.message",
+			Name:    "commit.author",
-			Usage:  "commit message",
+			Usage:   "git author name",
-			EnvVar: "DRONE_COMMIT_MESSAGE",
+			EnvVars: []string{"DRONE_COMMIT_AUTHOR"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "build.event",
+			Name:    "commit.message",
-			Value:  "push",
+			Usage:   "commit message",
-			Usage:  "build event",
+			EnvVars: []string{"DRONE_COMMIT_MESSAGE"},
-			EnvVar: "DRONE_BUILD_EVENT",
 		},
-		cli.IntFlag{
+		&cli.StringFlag{
-			Name:   "build.number",
+			Name:    "build.event",
-			Usage:  "build number",
+			Value:   "push",
-			EnvVar: "DRONE_BUILD_NUMBER",
+			Usage:   "build event",
+			EnvVars: []string{"DRONE_BUILD_EVENT"},
 		},
-		cli.StringFlag{
+		&cli.IntFlag{
-			Name:   "build.status",
+			Name:    "build.number",
-			Usage:  "build status",
+			Usage:   "build number",
-			Value:  "success",
+			EnvVars: []string{"DRONE_BUILD_NUMBER"},
-			EnvVar: "DRONE_BUILD_STATUS",
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "build.link",
+			Name:    "build.status",
-			Usage:  "build link",
+			Usage:   "build status",
-			EnvVar: "DRONE_BUILD_LINK",
+			Value:   "success",
+			EnvVars: []string{"DRONE_BUILD_STATUS"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
+			Name:    "build.link",
+			Usage:   "build link",
+			EnvVars: []string{"DRONE_BUILD_LINK"},
+		},
+		&cli.StringFlag{
 			Name:  "env-file",
 			Usage: "source env file",
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "proxy.ssh-key",
+			Name:    "proxy.ssh-key",
-			Usage:  "private ssh key of proxy",
+			Usage:   "private ssh key of proxy",
-			EnvVar: "PLUGIN_PROXY_SSH_KEY,PLUGIN_PROXY_KEY,PROXY_SSH_KEY,PROXY_KEY,INPUT_PROXY_SSH_KEY",
+			EnvVars: []string{"PLUGIN_PROXY_SSH_KEY", "PLUGIN_PROXY_KEY", "PROXY_SSH_KEY", "PROXY_KEY", "INPUT_PROXY_SSH_KEY"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "proxy.key-path",
+			Name:    "proxy.ssh-passphrase",
-			Usage:  "ssh private key path of proxy",
+			Usage:   "The purpose of the passphrase is usually to encrypt the private key.",
-			EnvVar: "PLUGIN_PROXY_KEY_PATH,PROXY_SSH_KEY_PATH,INPUT_PROXY_SSH_KEY_PATH",
+			EnvVars: []string{"PLUGIN_PROXY_SSH_PASSPHRASE", "PLUGIN_PROXY_PASSPHRASE", "PROXY_SSH_PASSPHRASE,PROXY_PASSPHRASE", "INPUT_PROXY_PASSPHRASE"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "proxy.username",
+			Name:    "proxy.key-path",
-			Usage:  "connect as user of proxy",
+			Usage:   "ssh private key path of proxy",
-			EnvVar: "PLUGIN_PROXY_USERNAME,PLUGIN_PROXY_USER,PROXY_SSH_USERNAME,PROXY_USERNAME,INPUT_PROXY_USERNAME",
+			EnvVars: []string{"PLUGIN_PROXY_KEY_PATH", "PROXY_SSH_KEY_PATH", "INPUT_PROXY_SSH_KEY_PATH"},
-			Value:  "root",
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "proxy.password",
+			Name:    "proxy.username",
-			Usage:  "user password of proxy",
+			Usage:   "connect as user of proxy",
-			EnvVar: "PLUGIN_PROXY_PASSWORD,PROXY_SSH_PASSWORD,PROXY_PASSWORD,INPUT_PROXY_PASSWORD",
+			EnvVars: []string{"PLUGIN_PROXY_USERNAME", "PLUGIN_PROXY_USER", "PROXY_SSH_USERNAME", "PROXY_USERNAME", "INPUT_PROXY_USERNAME"},
+			Value:   "root",
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "proxy.host",
+			Name:    "proxy.password",
-			Usage:  "connect to host of proxy",
+			Usage:   "user password of proxy",
-			EnvVar: "PLUGIN_PROXY_HOST,PROXY_SSH_HOST,PROXY_HOST,INPUT_PROXY_HOST",
+			EnvVars: []string{"PLUGIN_PROXY_PASSWORD", "PROXY_SSH_PASSWORD", "PROXY_PASSWORD", "INPUT_PROXY_PASSWORD"},
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "proxy.port",
+			Name:    "proxy.host",
-			Usage:  "connect to port of proxy",
+			Usage:   "connect to host of proxy",
-			EnvVar: "PLUGIN_PROXY_PORT,PROXY_SSH_PORT,PROXY_PORT,INPUT_PROXY_PORT",
+			EnvVars: []string{"PLUGIN_PROXY_HOST", "PROXY_SSH_HOST", "PROXY_HOST", "INPUT_PROXY_HOST"},
-			Value:  "22",
 		},
-		cli.DurationFlag{
+		&cli.StringFlag{
-			Name:   "proxy.timeout",
+			Name:    "proxy.port",
-			Usage:  "proxy connection timeout",
+			Usage:   "connect to port of proxy",
-			EnvVar: "PLUGIN_PROXY_TIMEOUT,PROXY_SSH_TIMEOUT,INPUT_PROXY_TIMEOUT",
+			EnvVars: []string{"PLUGIN_PROXY_PORT", "PROXY_SSH_PORT", "PROXY_PORT", "INPUT_PROXY_PORT"},
+			Value:   "22",
 		},
-		cli.IntFlag{
+		&cli.DurationFlag{
-			Name:   "strip.components",
+			Name:    "proxy.timeout",
-			Usage:  "Remove the specified number of leading path elements.",
+			Usage:   "proxy connection timeout",
-			EnvVar: "PLUGIN_STRIP_COMPONENTS,TAR_STRIP_COMPONENTS,INPUT_STRIP_COMPONENTS",
+			EnvVars: []string{"PLUGIN_PROXY_TIMEOUT", "PROXY_SSH_TIMEOUT", "INPUT_PROXY_TIMEOUT"},
 		},
-		cli.StringFlag{
+		&cli.IntFlag{
-			Name:   "tar.exec",
+			Name:    "strip.components",
-			Usage:  "Alternative `tar` executable to on the dest host",
+			Usage:   "Remove the specified number of leading path elements.",
-			EnvVar: "PLUGIN_TAR_EXEC,SCP_TAR_EXEC,INPUT_TAR_EXEC",
+			EnvVars: []string{"PLUGIN_STRIP_COMPONENTS", "TAR_STRIP_COMPONENTS", "INPUT_STRIP_COMPONENTS"},
-			Value:  "tar",
 		},
-		cli.StringFlag{
+		&cli.StringFlag{
-			Name:   "tar.tmp-path",
+			Name:    "tar.exec",
-			Usage:  "Temporary path for tar file on the dest host",
+			Usage:   "Alternative `tar` executable to on the dest host",
-			EnvVar: "PLUGIN_TAR_TMP_PATH,SCP_TAR_TMP_PATH",
+			EnvVars: []string{"PLUGIN_TAR_EXEC", "SCP_TAR_EXEC", "INPUT_TAR_EXEC"},
+			Value:   "tar",
 		},
-		cli.BoolFlag{
+		&cli.StringFlag{
-			Name:   "debug",
+			Name:    "tar.tmp-path",
-			Usage:  "remove target folder before upload data",
+			Usage:   "Temporary path for tar file on the dest host",
-			EnvVar: "PLUGIN_DEBUG,DEBUG,INPUT_DEBUG",
+			EnvVars: []string{"PLUGIN_TAR_TMP_PATH", "SCP_TAR_TMP_PATH"},
 		},
-		cli.BoolFlag{
+		&cli.BoolFlag{
-			Name:   "overwrite",
+			Name:    "debug",
-			Usage:  "use --overwrite flag with tar",
+			Usage:   "remove target folder before upload data",
-			EnvVar: "PLUGIN_OVERWRITE,SCP_OVERWRITE,INPUT_OVERWRITE",
+			EnvVars: []string{"PLUGIN_DEBUG", "DEBUG", "INPUT_DEBUG"},
+		},
+		&cli.BoolFlag{
+			Name:    "overwrite",
+			Usage:   "use --overwrite flag with tar",
+			EnvVars: []string{"PLUGIN_OVERWRITE", "SCP_OVERWRITE", "INPUT_OVERWRITE"},
 		},
 	}
 
@@ -274,9 +284,10 @@ func run(c *cli.Context) error {
 			Port:            c.String("port"),
 			Username:        c.String("username"),
 			Password:        c.String("password"),
+			Passphrase:      c.String("ssh-passphrase"),
 			Timeout:         c.Duration("timeout"),
 			CommandTimeout:  c.Duration("command.timeout"),
-			Key:             c.String("key"),
+			Key:             c.String("ssh-key"),
 			KeyPath:         c.String("key-path"),
 			Target:          c.StringSlice("target"),
 			Source:          c.StringSlice("source"),
@@ -287,13 +298,14 @@ func run(c *cli.Context) error {
 			TarTmpPath:      c.String("tar.tmp-path"),
 			Overwrite:       c.Bool("overwrite"),
 			Proxy: easyssh.DefaultConfig{
-				Key:      c.String("proxy.ssh-key"),
+				Key:        c.String("proxy.ssh-key"),
-				KeyPath:  c.String("proxy.key-path"),
+				Passphrase: c.String("proxy.ssh-passphrase"),
-				User:     c.String("proxy.username"),
+				KeyPath:    c.String("proxy.key-path"),
-				Password: c.String("proxy.password"),
+				User:       c.String("proxy.username"),
-				Server:   c.String("proxy.host"),
+				Password:   c.String("proxy.password"),
-				Port:     c.String("proxy.port"),
+				Server:     c.String("proxy.host"),
-				Timeout:  c.Duration("proxy.timeout"),
+				Port:       c.String("proxy.port"),
+				Timeout:    c.Duration("proxy.timeout"),
 			},
 		},
 	}

plugin.go

@@ -50,6 +50,7 @@ type (
 		Username        string
 		Password        string
 		Key             string
+		Passphrase      string
 		KeyPath         string
 		Timeout         time.Duration
 		CommandTimeout  time.Duration
@@ -164,21 +165,23 @@ func (p *Plugin) removeDestFile(ssh *easyssh.MakeConfig) error {
 func (p *Plugin) removeAllDestFile() error {
 	for _, host := range p.Config.Host {
 		ssh := &easyssh.MakeConfig{
-			Server:   host,
+			Server:     host,
-			User:     p.Config.Username,
+			User:       p.Config.Username,
-			Password: p.Config.Password,
+			Password:   p.Config.Password,
-			Port:     p.Config.Port,
+			Port:       p.Config.Port,
-			Key:      p.Config.Key,
+			Key:        p.Config.Key,
-			KeyPath:  p.Config.KeyPath,
+			KeyPath:    p.Config.KeyPath,
-			Timeout:  p.Config.Timeout,
+			Passphrase: p.Config.Passphrase,
+			Timeout:    p.Config.Timeout,
 			Proxy: easyssh.DefaultConfig{
-				Server:   p.Config.Proxy.Server,
+				Server:     p.Config.Proxy.Server,
-				User:     p.Config.Proxy.User,
+				User:       p.Config.Proxy.User,
-				Password: p.Config.Proxy.Password,
+				Password:   p.Config.Proxy.Password,
-				Port:     p.Config.Proxy.Port,
+				Port:       p.Config.Proxy.Port,
-				Key:      p.Config.Proxy.Key,
+				Key:        p.Config.Proxy.Key,
-				KeyPath:  p.Config.Proxy.KeyPath,
+				KeyPath:    p.Config.Proxy.KeyPath,
-				Timeout:  p.Config.Proxy.Timeout,
+				Passphrase: p.Config.Proxy.Passphrase,
+				Timeout:    p.Config.Proxy.Timeout,
 			},
 		}
 
@@ -272,21 +275,23 @@ func (p *Plugin) Exec() error {
 		go func(host string) {
 			// Create MakeConfig instance with remote username, server address and path to private key.
 			ssh := &easyssh.MakeConfig{
-				Server:   host,
+				Server:     host,
-				User:     p.Config.Username,
+				User:       p.Config.Username,
-				Password: p.Config.Password,
+				Password:   p.Config.Password,
-				Port:     p.Config.Port,
+				Port:       p.Config.Port,
-				Key:      p.Config.Key,
+				Key:        p.Config.Key,
-				KeyPath:  p.Config.KeyPath,
+				KeyPath:    p.Config.KeyPath,
-				Timeout:  p.Config.Timeout,
+				Passphrase: p.Config.Passphrase,
+				Timeout:    p.Config.Timeout,
 				Proxy: easyssh.DefaultConfig{
-					Server:   p.Config.Proxy.Server,
+					Server:     p.Config.Proxy.Server,
-					User:     p.Config.Proxy.User,
+					User:       p.Config.Proxy.User,
-					Password: p.Config.Proxy.Password,
+					Password:   p.Config.Proxy.Password,
-					Port:     p.Config.Proxy.Port,
+					Port:       p.Config.Proxy.Port,
-					Key:      p.Config.Proxy.Key,
+					Key:        p.Config.Proxy.Key,
-					KeyPath:  p.Config.Proxy.KeyPath,
+					KeyPath:    p.Config.Proxy.KeyPath,
-					Timeout:  p.Config.Proxy.Timeout,
+					Passphrase: p.Config.Proxy.Passphrase,
+					Timeout:    p.Config.Proxy.Timeout,
 				},
 			}
 

plugin_test.go

@@ -130,6 +130,45 @@ func TestSCPFileFromPublicKey(t *testing.T) {
 	}
 }
 
+func TestSCPFileFromPublicKeyWithPassphrase(t *testing.T) {
+	if os.Getenv("SSH_AUTH_SOCK") != "" {
+		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
+			t.Fatalf("exec: %v", err)
+		}
+	}
+
+	u, err := user.Lookup("drone-scp")
+	if err != nil {
+		t.Fatalf("Lookup: %v", err)
+	}
+
+	plugin := Plugin{
+		Config: Config{
+			Host:           []string{"localhost"},
+			Username:       "drone-scp",
+			Port:           "22",
+			KeyPath:        "tests/.ssh/test",
+			Passphrase:     "1234",
+			Source:         []string{"tests/a.txt", "tests/b.txt"},
+			Target:         []string{filepath.Join(u.HomeDir, "/test2")},
+			CommandTimeout: 60 * time.Second,
+			TarExec:        "tar",
+		},
+	}
+
+	err = plugin.Exec()
+	assert.Nil(t, err)
+
+	// check file exist
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/a.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+
+	if _, err := os.Stat(filepath.Join(u.HomeDir, "/test2/tests/b.txt")); os.IsNotExist(err) {
+		t.Fatalf("SCP-error: %v", err)
+	}
+}
+
 func TestSCPWildcardFileList(t *testing.T) {
 	if os.Getenv("SSH_AUTH_SOCK") != "" {
 		if err := exec.Command("eval", "`ssh-agent -k`").Run(); err != nil {
@@ -389,7 +428,7 @@ func TestGlobList(t *testing.T) {
 	assert.Equal(t, expects, globList(paterns).Source)
 
 	paterns = []string{"tests/*.txt", "tests/.ssh/*", "abc*"}
-	expects = []string{"tests/a.txt", "tests/b.txt", "tests/.ssh/id_rsa", "tests/.ssh/id_rsa.pub"}
+	expects = []string{"tests/a.txt", "tests/b.txt", "tests/.ssh/id_rsa", "tests/.ssh/id_rsa.pub", "tests/.ssh/test", "tests/.ssh/test.pub"}
 	assert.Equal(t, expects, globList(paterns).Source)
 
 	paterns = []string{"tests/?.txt"}

tests/.ssh/test

@@ -0,0 +1,50 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAZka7A7i
+FscMeJBPyPteclAAAAEAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2o
+nnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mh
+HBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+
+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMG
+vX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv
+9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOr
+b93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mr
+D2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jI
+NHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE
+3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpv
+jwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQAAB1CnEMQGwAKZbd3F1DJqwfPf
+KWjoUJKbTRiav6h5pQr65JaqDe/7YE2ZHYo5917AC2vPLwPxAnoHFMsbObd5mWcmpATg/0
+K/qkN5Z4Ml5U3bwr51wfSPh1MiAP21Aickt09BDstIJzNNwwgcY31O3k/d6VBjqyM6Ezop
+66LI4s/IIni1BI+cALyEfzE4Qu16GfzIeM+JVxildP4VImhvNBESmmbBL8rNmSzlQ+FTuF
+JVmowUbcon1O0CppM1MRVPeG805XDwjxHXKwOp5O7MdTz7H8JeORoe8D6+4rNfJE0eQGY7
+Nm4+Wa97HzAFbT9IS433rxoGx9Qps3LAySFONso2JWSOEfo8rxnqO04DrfVHQhY3DkkwQt
+FsDnMtkthJa+ZzUYc75fnS0DBPGuF9DZUCqrev5oAUHP6C4Vc4b33JJQD4FZJ+ehk3Xsci
+cwJQsmgLyc5Jdh543Dm7kZoM9ku7HDNrB4H/1p45Vo6aBZMAY50x+fTdBeTgCzzhzzTbf+
+0IF8W3yW3/BYD+S2Byo3JKp6NH0Q8cgPJrGTl6GltGfpVuc6kLjMZ5zvxRbyWaqtIygM46
+W1izbA+9jwbHhitCtOk42e/ff6iEB1MVC13LqPty3gPNR8Pv0rDUDjJS4KiVwXqUY+bMr0
+C8l/hx93euHjLUJ49Ru6uy/2fBlHZEj6GmEAJhu/i6t2c1Rq0HBLis9X356oQT+YZnIai2
+ym0MknPxjeYBAItOV3zhRd1cYnk7CDcl1XALcnh0tqP712x24IJ+Ytqg7nvB2NZV8T469I
+8Fp254Nr89HOMAXaZD0UcIPm7D2rfWV+YJFI3ZcJ/8DM99H3tpXe2j4oHMdmAbBd++09sx
+KBRdFLcvnBfd1lqwxpA7hbxzrxi/yehYCqzh5KQGaf2UXej6TPiVzBWVYbp34cMZtsT6mF
+K8SS3l5TXoNK2DNEk30o8K3q+vngQpfC9GZ/id4B7LS/3ybellxemZHXQoU4PxDkLKt7jd
+AAsd5WO13dv3n/qgyu8iBRiFU+W66NX0RJGkp+lZMnta0YzukafM2n6GDn/r/Cx/y21PAi
+ah8i41ByI1QLI4m1r+bRHdUxAarS/XJw4tTSFiZu3zddMYrlzeG9O3VUX9zBvBtfQbSmeJ
+omml0zlr/qD7TMsORiujy7XIn7sMW+Ls/NA8TvX8oRnACjXe/MYNEZ8WDu2rkZuY/Dfc+o
+NyYWO7kZ3kcejQZ1NusJSA7MG0FFGYSIaC9T9CWqYd5IcRSJW4dZnCt9z8CIJ6TSUFqMb/
+H1Y5Rmi0IIX+8qbGGXVBDIBk5y9xtS43+nz1nsdXwDmkTiXN9+ZX+GDsLxCWoHGryrWDbk
+EuOAlqpvxFKzEkNsx+AC5wae6i/hBeiEce9bm4nZp+hFv1ic1Z9WS8B37YOFgJ4utGeOjB
+6hnywUUJ3aH0LnCQNB3UzeFR7BmEaxmYD/phJodmjA5SD3CWpeizdXfrUjtqXGhYlr2jzq
+vBAeeYEO4uaHIGxg8GqoqtaseqVcIdtouHxrVAxxXkjShV2ji7oJ/AtrLZNlkKYxMk0TpX
+fFiKqL/uKfS78FfvVOhOkHZTD6ZeMgmdL/uOghEAtrf08ChyRvdp7QLjA802aio9eUVIQm
+lHb1ltPEbIZNuvQ5kTIwk2eM6EAkOh0MBMoAYOxOpIb00XHNRDGJYuLewByjMQa8EoT6VM
+NoiFIzJU9lLAXE6yz6JswctpTpLHK9Aq5vY7ObaOvrmpCQqsXfOuVUo2nR/FyEes97zuXG
+E4aKaHK4IAW4UY/oGYk7pU/yRpudhiNRMXzmcQXfVmBEHuvDrh2chg8lDYn++07F7RWqkI
+nfMAOWR8UEl4xp4zJtThDjRxNW6QLl8E1ADjndA9wVaKNSzv2i1TLXKBr5luFqY9MSJ2rm
+yBR5EwairH/Qn9TUxaDD+0p6J+E9iz1l8UPTJa/cjtwiySljahY/6tHHnr9YQVnox92yfU
+UXpfINGjYrpqh6EFwmyRw9fryIMvMhgZYo6ZoCRBCK2GfGAB0VTzJy2FGs4GecZK5ptXKu
+sOX8BgGX/Q/nAJ7PWf9hgYlX2YyjmLjQZDMWECp05VFx9znEETNKlwF1FX5/E/37ISyz4d
+I1LVSKOEccJX7jCR32LzvRW1UBX47Z+q3LVE4sa0QAV/JoISq6Qn6zAsVIV0yEPmVbd/xx
+aX2uBUGHhmd99YJDh81xJIoYEMRzoGVfp0JjfYcDUc+2I6JdrOMF9/KmMA5wsZl4OKiu/F
+cTRGjUkgw/cF2EFRGWknee2esYRB7tOr4y56qZ4gxqw8q9rYXhyB42jbdTvt5xcCm/ynid
+sn4InokRRoIiMIPL5Ur7FZQHOP+915MWUBsrTJtkCWQuqJheYUi3mCzh/7NadAKplRpaKb
+rS/DJIOOkjnGni/sDxJzPq7STDBVy4WStwQl6NI5hq+/c+JvN9GI4Vu/kz0z8qUcdShLaH
+l4njcaMpg4tpQMHtCBOicGyV0=
+-----END OPENSSH PRIVATE KEY-----

tests/.ssh/test.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDz6aZ1jY2onnuj2YNHJ/HhfvIu0B973v/+pFFOavnTUOhEEKEy3TASu+s9CkHrYZAtRc+QYIkNZI31mhHBhotdeP/7GoO2UirkFtrzyQKPNJxEcv0RBoG9ssN8jex0PyK6DHIYYFnIWadVBEEOh/H+rK7j7u2/big3oTzYBuFrCwmYFcz5na99MzFeAUhazF44gVBma+zO+1quGeqF51UDIg1SMGvX8I7LNEqrKEBaIUQJKFQcxlOWlRLQsjJCymrOujsXsRrXHAQWcnxDcNevv2ZMOUl0ybvv9yH0BiGbRBd1Hy8/QPILbAQaqu0oQE7fubN8Q8lqb3Jg0loID4x/5GPhSY8WAXpuLcXTOrb93SnCw1JsAgJDNqpuuRFy3BSZ7wBOr1jfeIoo7xk14OHiUjJ0uXDL9cLMkcw6ElWz81mrD2VCkXUz+qFyjJ+G7aGWRtctZoOzKln4yfNfUmwW8/8ra3QnmrMZ2xW2Ylw3ZhO+tLi7jINHYFb54bAdLVPUU1ctIuJns2qkWnjJCxxMiynIqCif20/OU1n8CTJuOWiURmRdmvKOH4PE3JxC2Qnk/3tV3Cf8hp1CH5VjBZ9AjGj5MDMHXyu34VY2WvYo5QyzfS3ySPoT8kCO0G0xpvjwCMHOK+G2RP4kqb/KKZguiKdgintBXuskTlJmD7kcMQ== deploy@easyssh