Skip to content

Commit

Permalink
feat(configuration/git): add SSH authentication documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@GeorgeMac
GeorgeMac committed Oct 31, 2023
1 parent 9f5bc2b commit 4578d11
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 9 deletions.
20 changes: 12 additions & 8 deletions configuration/overview.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,14 +170,18 @@ These properties are as follows:

#### Storage Git

| Property | Description | Default | Since |
| ----------------------------------------- | ----------------------------------------------------------- | ------- | ------- |
| storage.git.repository | The URL of the git repository to use | | v1.25.0 |
| storage.git.ref | The git ref to use | main | v1.25.0 |
| storage.git.poll_interval | The interval to poll the git repository and ref for changes | 30s | v1.25.0 |
| storage.git.authentication.basic.username | The username to use for basic authentication | | v1.25.0 |
| storage.git.authentication.basic.password | The password to use for basic authentication | | v1.25.0 |
| storage.git.authentication.token | The access token to use for authentication | | v1.25.0 |
| Property | Description | Default | Since |
| ------------------------------------------------------- | ----------------------------------------------------------- | ------- | ------- |
| storage.git.repository | The URL of the git repository to use | | v1.25.0 |
| storage.git.ref | The git ref to use | main | v1.25.0 |
| storage.git.poll_interval | The interval to poll the git repository and ref for changes | 30s | v1.25.0 |
| storage.git.authentication.basic.username | The username to use for basic authentication | | v1.25.0 |
| storage.git.authentication.basic.password | The password to use for basic authentication | | v1.25.0 |
| storage.git.authentication.token | The access token to use for authentication | | v1.25.0 |
| storage.git.authentication.ssh.password | Password used to generate the SSH keypair | | v1.30.0 |
| storage.git.authentication.ssh.private_key_path | Path to private key on the filesystem | | v1.30.0 |
| storage.git.authentication.ssh.private_key_bytes | (alternative) raw private key bytes | | v1.30.0 |
| storage.git.authentication.ssh.insecure_ignore_host_key | Skip verifying the known hosts key (avoid in production) | false | v1.30.0 |

#### Storage Object

Expand Down
29 changes: 28 additions & 1 deletion configuration/storage.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ Flipt will follow the configured reference (e.g. branch name) and keep up to dat
#### Authentication

Authentication enables the ability to leverage private Git repositories as flag state backends.
The `git` type backend supports both `basic` and `token` based authentication schemes.
The `git` type backend supports both `basic`, `token` and `ssh` based authentication schemes.

**GitHub**

Expand All @@ -229,6 +229,33 @@ storage:
password: < github-personal-access-token >
```

**SSH**

In order to configure Flipt with SSH, you will need to generate an SSH key-pair and configure your repository provider with the public key.
GitHub has some excellent documentation regarding how to generate and install you credentials [here](https://docs.github.com/en/authentication/connecting-to-github-with-ssh).

Once you have your private key credentials you will need to configure Flipt to use them.
This can be done via the `storage.git.authentication.ssh` configuration section:

```yaml
storage:
type: git
git:
repository: [email protected]:flipt-io/some-private-repo.git
authentication:
ssh:
password: flipt
private_key_path: private-key.pem
# private_key_bytes: <raw-key-bytes> # alternatively pass the raw bytes inline
insecure_ignore_host_key: true
```

<Warning>
`insecure_ignore_host_key` is not encouraged for production use, and is `false` by default.

Check failure on line 254 in configuration/storage.mdx

View workflow job for this annotation

GitHub Actions / lint 

Replace ``insecure_ignore_host_key`·is·not·encouraged·for·production·use,·and·is·`false`·by·default.⏎Instead,·you·are·advised·to·put·the·key·fingerprint·in·the·known·hosts·file·where·you·are·running·Flipt.⏎For·example,·for·Github·you·can` with `··`insecure_ignore_host_key`·is·not·encouraged·for·production·use,·and·is⏎··`false`·by·default.·Instead,·you·are·advised·to·put·the·key·fingerprint·in·the⏎··known·hosts·file·where·you·are·running·Flipt.·For·example,·for·Github·you·can⏎·`
Instead, you are advised to put the key fingerprint in the known hosts file where you are running Flipt.
For example, for Github you can do `ssh-keyscan github.com >> ~/.ssh/known_hosts` on the Flipt host.
</Warning>

See our [GitOps Guide](/guides/get-going-with-gitops) for an example of how to set up a GitHub repository as a flag state backend.

### Object
Expand Down

0 comments on commit 4578d11

Please sign in to comment.