Skip to content
/ auth Public

GitHub Action for authenticating with Teleport

8 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

teleport-actions/auth

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
dist
dist
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation


Read our Blog: https://goteleport.com/blog/

Read our Documentation: https://goteleport.com/docs/getting-started/

teleport-actions/auth@v2

auth uses Teleport Machine ID to generate a set of credentials which can be used with other Teleport client tools such as tsh and tctl.

The action has the following outputs:

  • identity-file: the path to the identity file which can be used with tctl and tsh.
  • ssh-config: the path to the generated SSH config which can be used with ssh.

Pre-requisites:

  • Teleport 14 or above must be used. Use teleport-actions/auth@v1 for compatability with older versions of Teleport.
  • Teleport binaries must already be installed in the job environment.
  • You must have created a bot and created a GitHub join token that allows that bot to join.
  • A Linux based runner.

Example usage:

on:
  workflow_dispatch: {}
jobs:
  demo-auth:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: Install Teleport
        uses: teleport-actions/setup@v1
        with:
          version: 14.0.0
      - name: Authorize against Teleport
        id: auth
        uses: teleport-actions/auth@v2
        with:
          # Specify the publically accessible address of your Teleport proxy.
          proxy: tele.example.com:443
          # Specify the name of the join token for your bot.
          token: my-github-join-token-name
          # Specify the length of time that the generated credentials should be
          # valid for. This is optional and defaults to "1h"
          certificate-ttl: 1h
          # Enable submission of anonymous usage telemetry to Teleport.
          # See https://goteleport.com/docs/machine-id/reference/telemetry/ for
          # more information.
          anonymous-telemetry: 1
      - name: List nodes (tsh)
        run: tsh -i ${{ steps.auth.outputs.identity-file }} ls
      - name: List nodes (tctl)
        run: tctl -i ${{ steps.auth.outputs.identity-file }} --auth-server tele.example.com:443 nodes ls
      - name: Use OpenSSH with output config
        run: ssh -F ${{ steps.auth.outputs.ssh-config }} user@host "echo foobar"

Note that tsh and tctl require the flag pointing at the identity file and tctl also requires the address of the Proxy or Auth Server to be provided.

Environment Variables

By default, this action will set the following environment variables:

  • TELEPORT_AUTH_SERVER: the address of the Teleport Auth Server.
  • TELEPORT_PROXY: the address of the Teleport Proxy.
  • TELEPORT_IDENTITY_FILE: the path to the identity file.

This will automatically configure tools like tsh and tctl to use the generated credentials. However, this can cause issues if you intend to invoke tbot multiple times.

You can disable this behaviour by setting the disable-env-vars input to true.

Outputs

This action will output the following values:

  • identity-file: the path to the identity file.
  • ssh-config: the path to the generated SSH config.

Next steps

Read the teleport-actions/auth getting started guide: https://goteleport.com/docs/machine-id/guides/github-actions/

About

GitHub Action for authenticating with Teleport

Resources

Readme
Activity
Custom properties

Stars

8 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 8

v2.0.3 Latest
Aug 20, 2024
+ 7 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •