How to authenticate git


#1

I’m trying a git resource:

resources:
- name: resource-turorial
  type: git
  source:
    uri: https://gitlab.eng.mycompany.com/chaol/fortest.git
    branch: master

But gitlab requires login. I tried directly git clone the repo from worker node:

worker@worker-node2:~$ git clone https://gitlab.eng.mycompany.com/chaol/fortest.git
Cloning into 'fortest'...
Username for 'https://gitlab.eng.mycompany.com':

So how to configure the git resource with username and password or key in order to allow concourse to access the git repo?

One more general questions is, where can I find documentation of each resource type? How can I know which attributes a resource type supports?


#2

Hi evanchaoli,

there is private_keysource parameter of the git resource which you need to specify.

best,
D


#3

Can you please give a sample? What key should be given to that parameter?


#4

your git private key whose public counterpart is set in your Github repo Settings to allow access.

best,
D


#5

I added private_key as:

resources:
- name: resource-turorial
  type: git
  source:
    uri: https://gitlab.eng.vmware.com/chaol/fortest.git
    branch: master
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      (removed by moderator)
      -----END RSA PRIVATE KEY-----

But it still got an error Error loading key "/tmp/git-resource-private-key": invalid format. What is my wrong?


#6

your private key is invalid, check for white spaces and new lines.

But i would not place the private_key directly in your pipeline.yml.

Use a secrets file instead and invoke it with the fly cli (@checkout fly sp -h for further informations). Alternatively you can also use your favourite Hashicorp Vault or Credhub for this (@see https://concourse-ci.org/creds.html).

best,
D


#7

Thank you a lot. Finally I got git worked.

When you said ‘use a secrets file’, I have checked fly sp -h, do you mean to use --var?


#8

You can reference a .json or .yml with the -l option instead. --var works too but i like the option with a real secrets file more.

best,
D


#9

Denis, thanks a lot. I got -l local_yaml working also.