How do I use remote machine's SSH keys in ansible git module

I've been trying to get Ansible to provision a remote machine, and I want the remote machine to be set up with its own keys, and have the ability to clone git repositories from Bitbucket.

The user is set up, has its own id_rsa.pub, and the key has been registered with bitbucket.

But, when I use the Ansible Git module, it looks like the module always tries to use the keys from the machine running the playbook.

How do I get the git module to use the id_rsa.pub from the remote machine?

The relevant task is this:

- name: be sure prom-king has an up-to-date clone of its own repository
  git:
    repo: "ssh://ddcrnd@bitbucket.org/prom-king.git"
    dest: /home/promking/prom-king
    accept_hostkey: yes
    clone: yes
    key_file: /home/promking/.ssh/id_rsa.pub
    update: yes

The relevant inventory is this

# inventory file for use with the vagrant box in the testing directory.
[prom-king]
192.168.168.192 ansible_ssh_host=127.0.0.1 ansible_sudo=true ansible_connection=ssh  ansible_ssh_port=2222 ansible_ssh_user=vagrant ansible_ssh_private_key_file=testing/.vagrant/machines/default/virtualbox/private_key

Mikko Ohtamaa

This is how I deploy from Github using a key file set on the remote server. If the keyfile parameter for git doesn't work then something is wrong with your playbook:

- name: Creates .ssh directory for root
  sudo: yes
  file: path=/root/.ssh state=directory

# This public key is set on Github repo Settings under "Deploy keys"
- name: Upload the private key used for Github cloning
  sudo: yes
  copy: src=keys/github dest=/root/.ssh/github

- name: Correct SSH deploy key permissions
  sudo: yes
  file: dest=/root/.ssh/github mode=0600

- name: Deploy site files from Github repository
  sudo: yes
  git:
    repo: git@github.com:miohtama/foobar.git
    dest: /srv/django/foobar
    key_file: /root/.ssh/github
    accept_hostkey: yes
    force: yes

If I understand this correctly, you do - or want to - deploy your private key to the remote machine so you can clone the repo. I believe instead you should use key forwarding. In your .ssh/config set this: