Configure bitbucket pipelines to use custom SSH private keys

(1) Prepare SSH private key in base64 encoded format using OpenSSL.

openssl base64 < my_private.pem | tr -d '\n' | pbcopy

This will copy the base64 encoded into your clipboard.

(2) Create a repository variable in your bitbucket project.

(3) Create a known hosts list and commit into your Bitbucket repository.

ssh-keyscan -t rsa your_domain.com > my_known_hosts

(4) Update your bitbucket-pipelines.yml to add identity and known hosts. E.g.

script:
  ......
  - mkdir -p ~/.ssh
  - cat my_known_hosts >> ~/.ssh/known_hosts
  - (umask  077 ; echo $B64_SSH_PROD | base64 --decode > ~/.ssh/id_rsa)
  - bundle exec cap production deploy

The first line creates the .ssh directory. The second line appends your custom known host list. The third line base 64 decodes your private key and saves it as id_rsa file.

Configure bitbucket pipelines to use custom SSH private keys

Using Bitbucket repository variables

Guide Capistrano Pipelines Deployment OpenSSL Bitbucket