An open source git-remote-helper that handles authentication for GCP Identity Aware Proxy.
- Download pre-compiled binaries from
our release page. - Install
git-remote-https+iapbinary onto the system$PATH - Run
GIT_IAP_VERBOSE=1 git-remote-https+iap install
- Generate OAuth credentials FOR THE HELPER[1]
- Configure the IAP protected repositories:
git-remote-https+iap configure \
--repoURL=https://git.domain.acme/demo/hello-world.git \
--helperID=xxx \
--helperSecret=yyy \
--clientID=zzz
Notes:
- In the example above,
xxxandyyyare the OAuth credentials FOR THE HELPER, that needs to be created as instructed here.zzzis the OAuth client ID that has been created when your Identity Aware Proxy instance has been created. - All repositories served on the same domain (
git.domain.acme) would share the same configuration
[1]: This needs to be done only once per organisation. While these credentials are not treated as secret and can be shared within your organisation, it seem forbidden to publish them in any open source project.
Once your domain has been configured, you should be able to use git as you would normally do, without thinking about the IAP layer.
$ git clone https://git.domain.acme/demo/hello-world.git
If you are using
git-lfs, the minimal version requirement is>= v2.9.0, which introduced support of HTTP cookies.
If needed, you can set the GIT_IAP_VERBOSE=1 environment variable in order to increase the verbosity of the logs.