[build2] Using ssh-git

Boris Kolpackov boris at codesynthesis.com
Mon Nov 5 14:34:59 UTC 2018

Bo Lorentsen <bl at lue.dk> writes:

> The reason that ssh would be nice here, is the fact that once the ssh rsa
> key are in place, on the developer system, the credential situation are much
> more easy to handle (on aws at least), as it works along with whatever other
> ssh communication and git in the dev clones.

Right, that was my thinking as well. Things like private keys/ssh-agent
should make authorization fairly transparent.

> I think that I will go for the credential in url version, as Karen
> suggested, and just hope that one day I can use ssh as an alternative.

We will try to add ssh:// support for the next release. I will ping you
when we have something for you to try.

> I also think the URL version are more robust when scaling up in a larger
> company, as we could make a key that only have specific readonly access to a
> given set of git repos ARN's. That way the revealed key and password is not
> that sensitive having floating around in all kind of manifest files :-)

Yes, though this is still not ideal, especially if the contents of these
repositories are proprietary/sensitive.

I did a bit of research and it seems there is a mechanism similar to
ssh-agent for caching git credentials:




Have you seen/tried this?

More information about the users mailing list