diff --git a/configuration/overview.mdx b/configuration/overview.mdx index 7379341..565c18c 100644 --- a/configuration/overview.mdx +++ b/configuration/overview.mdx @@ -170,14 +170,18 @@ These properties are as follows: #### Storage Git -| Property | Description | Default | Since | -| ----------------------------------------- | ----------------------------------------------------------- | ------- | ------- | -| storage.git.repository | The URL of the git repository to use | | v1.25.0 | -| storage.git.ref | The git ref to use | main | v1.25.0 | -| storage.git.poll_interval | The interval to poll the git repository and ref for changes | 30s | v1.25.0 | -| storage.git.authentication.basic.username | The username to use for basic authentication | | v1.25.0 | -| storage.git.authentication.basic.password | The password to use for basic authentication | | v1.25.0 | -| storage.git.authentication.token | The access token to use for authentication | | v1.25.0 | +| Property | Description | Default | Since | +| ------------------------------------------------------- | ----------------------------------------------------------- | ------- | ------- | +| storage.git.repository | The URL of the git repository to use | | v1.25.0 | +| storage.git.ref | The git ref to use | main | v1.25.0 | +| storage.git.poll_interval | The interval to poll the git repository and ref for changes | 30s | v1.25.0 | +| storage.git.authentication.basic.username | The username to use for basic authentication | | v1.25.0 | +| storage.git.authentication.basic.password | The password to use for basic authentication | | v1.25.0 | +| storage.git.authentication.token | The access token to use for authentication | | v1.25.0 | +| storage.git.authentication.ssh.password | Password used to generate the SSH keypair | | v1.30.0 | +| storage.git.authentication.ssh.private_key_path | Path to private key on the filesystem | | v1.30.0 | +| storage.git.authentication.ssh.private_key_bytes | (alternative) raw private key bytes | | v1.30.0 | +| storage.git.authentication.ssh.insecure_ignore_host_key | Skip verifying the known hosts key (avoid in production) | false | v1.30.0 | #### Storage Object diff --git a/configuration/storage.mdx b/configuration/storage.mdx index e1dc1d8..9157091 100644 --- a/configuration/storage.mdx +++ b/configuration/storage.mdx @@ -205,7 +205,7 @@ Flipt will follow the configured reference (e.g. branch name) and keep up to dat #### Authentication Authentication enables the ability to leverage private Git repositories as flag state backends. -The `git` type backend supports both `basic` and `token` based authentication schemes. +The `git` type backend supports both `basic`, `token` and `ssh` based authentication schemes. **GitHub** @@ -229,6 +229,33 @@ storage: password: < github-personal-access-token > ``` +**SSH** + +In order to configure Flipt with SSH, you will need to generate an SSH key-pair and configure your repository provider with the public key. +GitHub has some excellent documentation regarding how to generate and install you credentials [here](https://docs.github.com/en/authentication/connecting-to-github-with-ssh). + +Once you have your private key credentials you will need to configure Flipt to use them. +This can be done via the `storage.git.authentication.ssh` configuration section: + +```yaml +storage: + type: git + git: + repository: git@github.com:flipt-io/some-private-repo.git + authentication: + ssh: + password: flipt + private_key_path: private-key.pem + # private_key_bytes: # alternatively pass the raw bytes inline + insecure_ignore_host_key: true +``` + + +`insecure_ignore_host_key` is not encouraged for production use, and is `false` by default. +Instead, you are advised to put the key fingerprint in the known hosts file where you are running Flipt. +For example, for Github you can do `ssh-keyscan github.com >> ~/.ssh/known_hosts` on the Flipt host. + + See our [GitOps Guide](/guides/get-going-with-gitops) for an example of how to set up a GitHub repository as a flag state backend. ### Object