Add git ssh auth support #53
Comments
jeanduplessis
added
needs:triage-stale
needs:triage
and removed
needs:triage
needs:triage-stale
labels
|
While this is not implemented yet, the workaround to handle the |
|
Has anyone successfully used private github repositories with provider-terraform? github seems to have dropped support for password authentication 2021? ❯ git config --global credential.helper store
❯ git clone https://github.com/***/argocd-apps.git
Cloning into 'argocd-apps'...
Username for 'https://github.com': ***
Password for 'https://***@github.com':
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/***/argocd-apps.git/' |
|
@davidwincent we recommend using personal access tokens https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#using-a-personal-access-token-on-the-command-line that is totally supported. |
|
Personal access tokens are tied to individuals. A SSH key can be uploaded as a deploy key to allow access independent of when an individual leaves and not exposing other permissions of that individual. Usage of PAT for something like this is not git best practice, since this is a technical system accessing the repo, not a human user. |
|
Personal Access Tokens cannot target repositories located in organizations by default in GitHub, so using SSH / GitHub Deploy Keys is the only option |
|
I still need to extend/polish the documentation (contributions welcomed!), but I developed github-token-manager specifically to address the need for short-lived GitHub access tokens for use-cases such as this. You provide GitHub App credentials to the operator, and it will manage any number of Secrets containing ephemeral installation tokens with an arbitrary subset of privileges (ie filter repositories, reduced privileges per token, etc) assigned to its App. |
|
Is this going to be addressed at some point? Literally makes this provider unusable for any terraform module in your typical private organisation. |
What problem are you facing?
Some environments rely on gith ssh based auth for private repositories instead of the currently supported token one.
There were multiple requests in slack, an issue in this repo and even an implementation attempt in the old repo
How could Official Terraform Provider help solve your problem?
Extend the current code around credentials setup with ssh support.
The text was updated successfully, but these errors were encountered: