Configure Git

Rok-tools is configured to perform strict host checking and uses the key found in /root/.ssh/id_rsa to establish an SSH connection to This guide will walk you through this process. Moreover, you will configure Git to use a username and an email globally.

Choose one of the following options to configure Git:

What You'll Need

Contact Arrikto

If you don't have a deployment key, please contact the Arrikto Tech Team to create one for you.

Option 1: Configure Git Automatically (preferred)

In order to automatically configure Git, you will run rok-deploy. rok-deploy is a CLI tool used to automate and speed up the Arrikto EKF deployment.

To start rok-deploy, switch to your management environment and run:

root@rok-tools:~# rok-deploy

You will be greeted with the following screen:


Configure Git by following the on-screen instructions on the rok-deploy user interface.


Proceed to the Summary section.

Option 2: Configure Git Manually

If you want to configure Git manually, follow the instructions below.


  1. Create the SSH configuration directory for user root:

    root@rok-tools:~# mkdir -p /root/.ssh
  2. Get the SSH key from

    root@rok-tools:~# export GITHUB_KEY=$(ssh-keyscan -t rsa SSH-2.0-babeld-2aa5ef1f
  3. Generate the fingerprint of the above SSH key:

    root@rok-tools:~# export GITHUB_FINGERPRINT=$(echo "${GITHUB_KEY?}" \
    > | ssh-keygen -lf - \
    > | cut -d ' ' -f 2 \
    > | cut -d ':' -f 2)
  4. Retrieve the official GitHub fingerprint:

    root@rok-tools:~# GITHUB_OFFICIAL_FINGERPRINT=$(curl \
    > -sSH "Accept: application/vnd.github.v3+json" \
    > \
    > | jq -r '.ssh_key_fingerprints | .SHA256_RSA')
  5. Cross-check the two fingerprints and make sure they are the same:

    root@rok-tools:~# [[ ${GITHUB_FINGERPRINT?} == "${GITHUB_OFFICIAL_FINGERPRINT?}" ]] \
    > && echo OK \
    > || echo FAIL
  6. Update known_hosts with the SSH key from GitHub:

    root@rok-tools:~# echo "${GITHUB_KEY?}" >> /root/.ssh/known_hosts
  7. Decrypt the Arrikto provided private SSH key:

    1. Open a terminal and run:

      root@rok-tools:~# gpg -d > /root/.ssh/id_rsa

      The above command will appear to hang while it is waiting for the encrypted text.

    2. Copy the encrypted text from the email, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

    3. Paste the encrypted text into the terminal, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

    4. Enter the passphrase, when gpg prompts you to.

    5. Press ctrl-d to inform gpg that there is no more input.

    6. You should end up with the private SSH key in /root/.ssh/id_rsa.

  8. Set read-only permissions for the private SSH key:

    root@rok-tools:~# chmod 400 /root/.ssh/id_rsa
  9. Generate the public SSH key based on your private key:

    root@rok-tools:~# ssh-keygen -yf ~/.ssh/id_rsa > ~/.ssh/
  10. Set the name that Git will use:

    root@rok-tools:~# export GIT_USER_NAME=<NAME>

    Replace <NAME> with your name, for example:

    root@rok-tools:~# export GIT_USER_NAME="Joe Doe"
  11. Set the email that Git will use:

    root@rok-tools:~# export GIT_USER_EMAIL=<EMAIL>

    Replace <EMAIL> with your email address, for example:

    root@rok-tools:~# export GIT_USER_EMAIL=""
  12. Configure Git to use the name and email you specified in the previous step:

    root@rok-tools:~# git config --global "${GIT_USER_NAME?}"
    root@rok-tools:~# git config --global ${GIT_USER_EMAIL?}


  1. Run keychain to start the SSH agent and use your SSH identity:

    root@rok-tools:~# eval "$(keychain --eval id_rsa)"
     * keychain 2.8.2 ~
     * Starting ssh-agent...
     * Adding 1 ssh key(s): /root/.ssh/id_rsa
     * ssh-add: Identities added: /root/.ssh/id_rsa


    Warning: can't find id_rsa; skipping

    Your private SSH key provided by Arrikto doesn't exist. Rerun the Procedure of this guide.

  2. Verify that you have read access to the Arrikto GitOps repository:

    root@rok-tools:~# git ls-remote "" > /dev/null \
    > && echo OK \
    > || echo FAIL


    Permission denied (publickey)

    You haven't properly decrypted the SSH key provided by Arrikto. Rerun the Procedure of this guide.

  3. Verify that you have configured Git with your name and email:

    root@rok-tools:~# git config --global
    Joe Doe
    root@rok-tools:~# git config --global


You have successfully configured Git in your management environment with your SSH key and identity.

What's Next

The next step is to clone the GitOps repository that contains all the necessary manifests for the deployment process.