Support Git over HTTPS with creds from env vars #2470

This commit makes supplying HTTP(S) basic auth credentials in the `--git-url` secure. Places where the full remote origin were logged have been modified to only log the `Remote.SafeURL()` so that the authentication key is never exposed in the logs. Securely supplying the credentials without exposing them in the Flux workload is possible by adding two environment variables (e.g. `GIT_AUTHUSER` and `GIT_AUTHKEY`) to a Kubernetes secret, and using Kubernetes mechanics to define them in the Flux pod by using an `envFrom`. The variables can then be used in `--git-url` argument as documented in the Kubernetes documentation[1]: `--git-url=https://$(GIT_AUTHUSER):$(GIT_AUTHKEY)@github.com/an/example.git` If the `--git-url` uses a HTTP(S) scheme; the generation of an SSH private key and the setup of the SSH keyring is now disabled. Co-Authored-By: Vytautas Maciulskis <vyckou@gmail.com> [1]: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config

To make secure HTTPS configurations using Helm possible, by using the defined environment variables from the `env.secretName` in the `git.url`.

By adding links to various documentation pages from git vendors about creating a personal access token.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support Git over HTTPS with creds from env vars #2470

Support Git over HTTPS with creds from env vars #2470

Commits on Sep 26, 2019