Just ran into this while setting up a Gitlab Deploy Runner and wanted to document it before I forget ;-)

If you use Secret variables in your Gitlab CI/CD and they happen to be multi line, such as a private key, then you might be wondering why you are being asked for a passphrase when you didn’t set one!

The issue is that multi line values are stored in DOS format, yep “\r\n” vs “\n” which assuming that your runner is UNIX, then ssh-add will want no part of it.

$ od -c ~/.ssh/ssh_private_key
0000000   -   -   -   -   -   B   E   G   I   N       O   P   E   N   S
0000020   S   H       P   R   I   V   A   T   E       K   E   Y   -   -
0000040   -   -   -  \r  \n   c   5   b   w   b   n   T   z   a   C   7

A quick fix is update you CI configuration to strip out the unwanted passenger. The good news is this will not cause any harm if the carriage returns are not there.

- ssh-add <(echo "$SSH_PRIVATE_KEY")


- ssh-add <(echo "$SSH_PRIVATE_KEY" | tr -d '\r')