Add support for git https credentials #23
Conversation
Without this, building Dockerfiles with ONVAULT fails in the presence of an http proxy.
…h an empty volume)
This implements dockito#21. It is a simple way to provide git credentials not only for ssh via keys, but also for https. In corporate settings with internet access through proxies, ssh is often not allowed and one is forced to use https. There are two ways to use this, either you provide a credential store and mount it when running `vault`. ``` docker run -p 172.17.0.1:14242:3000 -v $PWD/store:/vault/store vault ``` Alternatively you can also start the vault with an empty store and interactively add / remove credentials. ``` docker run -p 172.17.0.1:14242:3000 --name vault vault # the following prompts you for a username and password which are stored in the # running container docker exec -it vault credentials set github.com ``` The usage inside a `Dockerfile` is the same as for the ssh key. Simply prepend your `git clone` or other commands with `ONVAULT`. The changes are really fairly simple: - One route is added in `index.js` to download the file with the credentials. - ONVAULT is extended to download the additional file and configure git, as well as revert the changes after executing the passed command. - The `credential` helper script is added to the container. This is actually not essential, but more of a convenience such that you don't need to create the credential files manually. I did not yet update the README, but I can do that before merge if you are willing to include this addition. closes dockito#21
| if [[ "$VAULT_SSH_KEY" != "id_rsa" ]]; then | ||
| # configure the ssh to any host to use this ssh key | ||
| echo -e "\nHost *\nIdentityFile ~/.ssh/$VAULT_SSH_KEY" >> ~/.ssh/config | ||
| fi | ||
|
|
||
| # download git credential store to temporary location | ||
| tmp_git_credential_store=`mktemp ~/.git-credentials-XXXXXX` |
There was a problem hiding this comment.
I have removed the mktemp from the script to allow using it with Linux distros without this command.
Please take a look at c202988.
|
Hi @NikolausDemmel, The reasons for including this feature seems right to me. I have not looked deeply in your changes because I didn't have much free time this weekend. But from I what I have seen it looks good. I just have to test it carefully before merging it into master. I will save some free time during this week for this. Until there if you could also include the docs would be awesome. Thanks. |
|
|
||
| # restoring old setting | ||
| git config --global credential.helper "$git_config_old_credential_helper" | ||
| git config --global core.askpass "$git_config_old_core_askpass" |
There was a problem hiding this comment.
Note to self: I need to test this "restoring" of the git config.
Cool, thanks! Yes, I will update the docs and remove |
This builds on top of PR #22, so that should be merged first.
This implements #21. It is a simple way to provide git credentials not only for
ssh via keys, but also for https. In corporate settings with internet access
through proxies, ssh is often not allowed and one is forced to use https.
There are two ways to use this, either you provide a credential store and mount
it when running
vault.Alternatively you can also start the vault with an empty store and interactively
add / remove credentials.
The usage inside a
Dockerfileis the same as for the ssh key. Simply prependyour
git cloneor other commands withONVAULT.The changes are really fairly simple:
index.jsto download the file with the credentials.well as revert the changes after executing the passed command.
credentialhelper script is added to the container. This is actuallynot essential, but more of a convenience such that you don't need to create
the credential files manually.
I did not yet update the README, but I can do that before merge if you are
willing to include this addition.
closes #21