(1) Prepare SSH private key in base64 encoded format using OpenSSL.
openssl base64 < my_private.pem | tr -d '\n' | pbcopy
This will copy the base64 encoded into your clipboard.
(2) Create a repository variable in your bitbucket project.
(3) Create a known hosts list and commit into your Bitbucket repository.
ssh-keyscan -t rsa your_domain.com > my_known_hosts
(4) Update your bitbucket-pipelines.yml to add identity and known hosts. E.g.
script: ...... - mkdir -p ~/.ssh - cat my_known_hosts >> ~/.ssh/known_hosts - (umask 077 ; echo $B64_SSH_PROD | base64 --decode > ~/.ssh/id_rsa) - bundle exec cap production deploy
The first line creates the .ssh directory. The second line appends your custom known host list. The third line base 64 decodes your private key and saves it as id_rsa file.